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IT Budget Boosts Seen in 2004 


Security, Web services | 
and CRM among areas | 
of increased spending | 


BY THOMAS HOFFMAN 
Improved corporate revenue 
and pent-up demand for long- 
delayed technology projects 
are expected to contribute to a 
3% to 5% increase in overall IT 
spending next year, according 
to several industry researchers. 
And as IT managers enter 
the final stages of negotiating 
their 2004 technology budgets 





IBM Pushes 


Data Center 
Provisioning 
Like HP and Sun, to 
offer software to control 
computing resources 


BY THOMAS HOFFMAN 
Looking to trump offerings 
from Hewlett-Packard Co. and 
Sun Microsystems Inc., IBM 
this month plans to begin 
rolling out a set of in- 
telligent system-pro- 
visioning tools that 
can track the use of 
mainframes, servers and stor- 
age devices and automatically 
redirect data flows as needed. 
IBM this week will an- 
nounce an initial product 
that’s primarily focused on 
redirecting Internet traffic 


RESOURCE 
OPTIMIZATION 


with CEOs and other business 
executives, initiatives such as 
security, Web services and 
CRM are expected to benefit. 
However, there isn’t una- 
nimity on the likelihood of a 


| rise in IT investments next 
| year, judging by comments by 
| IT professionals and industry 


analysts in interviews last 


| week. For example, Gartner 
| Inc., IDC 


and Alinean LLC 
all forecasting small spe ce 


| increases. But Meta Group 
| Inc. said it expects IT outlays 


Spending, page 39 


among different Web servers. 


; Company officials said that 


tool, called Tivoli Intelligent 


| Orchestrator and due for re- 
| lease late this month, will be 
| joined later this year and in 


2004 by software that can sup- 


| port CRM systems and other 
| complex applications. 


The overall product offer- 
ing, code-named Symphony, is 


| being designed to help IT 


managers take advantage of 
underutilized computing re- 


| sources and move processing 
| workloads off of systems that 


are nearing their ca- 
pacity thresholds. 
Frank Webb, a 
technology manager 
at insurer American Interna- 


| tional Group Inc. in Jersey 
| City, N.J., said many IT admin- 
| istrators would likely be inter- 


ested in such tools. But he not- 


| ed that IT spending “is pretty 


Symphony, page 39 
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BY DAN VERTON 
WASHINGTON 


The W32.Blaster worm may 


have contributed to the cascad- 


ing effect of the Aug. 14 black- 
out, government and industry 
experts revealed last week. 

On the day of the blackout, 
Blaster degraded the perfor- 
mance of several communica- 
tions lines linking key data 
centers used by utility compa- 
nies to manage the power grid, 
the sources confirmed. 

“It didn’t affect the [control] 
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Blaster Worm Linked to 
Severity of Blackout 


Exposure of communications flaws heightens 
concerns about security of the US. power gr id 
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systems internally, but it most 
certainly affected the timeli- 


| ness of the data they were re- 


ceiving from other networks,” 
said Gary Seifert, 
at the U.S. Department of En- 
ergy’s Idaho National Engi- 
neering and Environmental 
Laboratory in Idaho Falls, re- 
ferring to flow-control and 


a researcher 


Bootleg IT projects are 

a fact of corporate life, a 
Computerworld survey 
shows, from the unautho- 
rized CRM package in the 
marketing department to 
the Linux machine that 
comes in the back door. 


Savvy ClOs are learning 
how to cope. Page 27 


load-balancing data that’s 
transmitted over public tele- 
communications networks. “It 
certainly comp ounded the 


| problems” relating to the con- 
| gestion of key communica- 


tions links used by utilities to 
coordinate contingency ef- 
forts, Seifert added. 

The inability of critical con- 
trol data to be exchanged 
quickly across the grid could 
have hampered the operators’ 
ability to prevent the cascading 
effect of the blackout, he said. 
Seifert stressed, however, that 
no one is certain at this point 

Blackout, page 4 


An ERP project done “under the radar” of Emcor’s i 
department was a disaster, says CIO 
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THE RIGHT PIECE 
BRINGS IT ALL 
TOGETHER. 


Imagine giving 

your applications 
optimal performance 
on blade servers. 


Thanks to the blade server platform, you've 
reduced everything—server size, space, cables, 
management overhead and most importantly, 
costs. But then you realize that even when 
consolidated, the new server platform still has 
to meet the same demands: it has to be highly 
available, secure, scalable and completely 
Paley) Mans performance. 


How do you meet those demands without 
sacrificing all you've just gained? F5‘s BIG-IP® 
Blade Controller software provides traffic 
management that virtualizes and load balances 
the blade server environment. Now you can pool 
blades and concentrate their power, route traffic 
to those that are performing well, and manage 
them as a single entity. And with BIG-IP Blade 
Controller loaded directly onto blade servers, 
you're guaranteed to achieve the high 
availability performance it takes to reliably 
deliver applications. 


Give your imagination free reign and your 
bottom line room to grow. ets 
Visit www.f5.com/bccw to learn more and 
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Corporate Express Goes Direct 


In the Technology section: Corporate Express, a 
$5.5 billion office products supplier, improved 
service and cut costs when VPs Bret MclIniss 
(far left) and Wayne Aiello integrated its sup- 
ply systems with those of its customers. Page 17 


Business Rules Come First 


‘in the Management section: Don’t start an IT 
project without a clear set of written rules about 
the way your company conducts business, advises 
author Ronald G. Ross in this excerpt from his book 
Principles of the Business Rule Approach. Page 30 
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Inadequate IT at NASA con- 
tributed to the Columbia dis- 
aster, according to the panel 
that investigated the crash. 


RFID technology is a threat to 
personal privacy, say critics. 


PeopleSoft renews its anti- 
Oracle refund offer, but Ora- 
cle calls it a gimmick. 


Automated patch manage- 
ment tools are attracting 
users seeking better protec- 
tion from security threats. 


Network Associates unveils 
network and security manage- 
ment tools for small and mid- 
size businesses. 


A military unit expands its 
deployment of network man- 
agement tools and robotic 
PCs to monitor the perfor- 
mance of a logistics system. 


Dell releases network man- 
agement software, and Dell 
PowerConnect switch users 
will get it for free. 


: 20 Stretching Tape Technology. 


IT administrators may com- 
plain, but tape will be around 
for at least another 10 years. 
Here’s why. 


: Future Watch: Genoa II: Man 


and Machine Thinking as 
One. Future technologies will 
make it possible for humans 
and computers to “think to- 
gether” in real time to pre- 
empt terrorist threats. 


Security Manager’s Journai: 
New Spam Policy: Return to 
Sender. Vince Tuesday’s 
strategy to automatically re- 
turn suspected spam before it 
can hit users’ in-boxes works 
perfectly — almost. 


6 


On the Mark: Mark Hall gets 
an earful from Sun on Java 
handheld security, and he also 
learns about the cost of spam 
filters that eliminate impor- 
tant e-mail. 


Maryfran Johnson thinks IT 
managers should seek part- 
nerships with business units 
that have started their own 
rogue IT projects. 


Pimm Fox surrenders to the 
spammers and virus creators 
who have ruined e-mail’s 
value. But he’s found a pos- 
sible alternative. 


Thornton May argues that 
world-class IT operations 
have a new view on what it 
means to be a true IT hero. 


24 Paul A. Strassmann says it’s 


hard to make a case for IT 
spending that’s mostly for 
creaky infrastructure. 


32 Paul Glen believes the work 


of archaeologists offers 
lessons for IT teams. 
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J2EE vs .Net: The Choice 
Depends on Your Needs 


DEVELOPMENT: The two platforms are 
remarkably similar, and incorporating a 
service-oriented architecture is a more 
important concern.@ QuickLink 40744 


A Look at Apple’s Power Mac G5s 


MACINTOSH: Computer consultant and 
Macintosh technician Michael de Agonia 
looks at Apple’s evolving enterprise-centric 
efforts. @ QuickLink 40865 


[OM NONSCIENTIFIC 


How to Succeed at 
Supply Chain Collaboration 
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The nation’s first automated 
emergency alert network is 


deployed in Oregon. 


Security vendor Sanctum up- 
grades tools for detecting se- 
curity flaws in software dur- 
ing the development phase. 


New international banking 
laws will require changes in 
banks’ IT infrastructures. 


McData aims to improve its 
storage switch technology 
through acquisitions. 


cat projects are going on with- 
out the knowledge or over- 
sight of IT departments 
everywhere. Sometimes they 
make a lot of sense for the 
company, but sometimes 
they’re disasters. 


29 Global Toolbox. Managers are 


using various tools — such as 
procurement software and 
videoconferencing — for 
managing contract develop- 
ment being done overseas. 


DEPARTM ENTS/RESOURCES 


bleak Labor Day for [T work- 
ers with some good news 
about how valuable your tech- 
nology skills are to business 
performance. 
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Suspect Arrested 
For Blaster Variant 


The FBI arrested a Minnesota 
teenager who is suspected of de- 
veloping a copycat variant of the 
W32.Blaster worm, which targets 
a security hole in Windows. Jef- 
frey Lee Parson, 18, of Hopkins, 
Minn., was being held on one 
count of intentionally causing or 
attempting to cause damage to a 
computer, officials said. Authori- 
ties allege that Parson created a 
so-called B-variant of Blaster and 
unleashed it via the Internet. (For 
more details, go to our Web site: 
QuickLink 40983.) 


Boeing, IBM Sign 
Voice IT Contract 


IBM said it has won a three-year 
contract worth an estimated $160 
million to manage The Boeing 
Co.’s worldwide voice communi- 
cations network. As part of the 
deal, IBM and Verizon Communi- 
cations will install a new voice 
management system for Chicago- 
based Boeing’s U.S. operations. 
IBM is also offering Boeing vari- 
able pricing on telephony systems 
and other technologies. 


Lockheed Martin 
Wins FBI IT Deal 


Lockheed Martin Corp. in Bethes- 
da, Md., said it has been awarded 
a five-year, $140 million contract 
to be the systems integrator on 
the FBI's Technology Infusion 
Program. The project is part of a 
plan by the FBI to develop a new 
enterprisewide IT security archi- 
tecture that’s aimed at better pro- 
tecting key data assets. 


Short Takes 


SUN MICROSYSTEMS INC. and 
SIEBEL SYSTEMS INC. this week 
plan to announce a joint develop- 
ment deal aimed at optimizing the 
performance of Siebel’s CRM 
software on Sun Solaris servers. 

. .. PEOPLESOFT INC. said it has 
bought the remaining shares of 
J.D. EDWARDS & CO. (See related 


story, page 6.) 





Continued from page I 


Blackout 


| what caused the blackout. 


A former Bush administra- 
tion adviser who has consult- 
ed with the U.S. Department 
of Homeland Security on the 
power grid issue said the 
Blaster worm also hampered 
the ability of utilities in the 
New York region to restore 
power in a more timely man- 
ner because some of those 
companies were running Win- 
dows-based control systems 
with Port 135 open — the port 
through which the worm at- 
tacked systems. 

Utilities that responded to 


; requests for comment for this 
| article said they weren't ad- 
| versely affected. 


Carol Murphy, vice presi- 
dent of government affairs at 
the New York Independent 
System Operator, acknowl- 
edged that Blaster affected the 
utility but said the problem 


| was handled quickly, with no 


| impact on power restoration 


operations. Joe Petta, a spokes- 
man for Consolidated Edison 
Company of New York Inc., 
said there were “absolutely no 
computer-related problems of 
any sort that delayed our 
restoration effort.” 

The contro] systems re- 


| ferred to by Seifert, also 


known as supervisory control 
and data acquisition (SCADA) 
systems, are used to manage 
large industrial operations, 
such as the natural gas and 
electric power grids. They’re 
often based on Windows 2000 


or XP operating systems and 


rely on commercial data links, 
including the Internet and 
wireless systems, for exchang- 
ing information. 

Scott Charney, chief securi- 
ty strategist at Microsoft 
Corp., said that Blaster raised 
a security and network perfor- 
mance issue for all Microsoft 
customers and that there was 
nothing unique about the elec- 
tric power industry. 

Joe Weiss, a control system 


| expert and executive consul- 


tant at Cupertino, Calif.-based 
Kema Consulting Inc., said 
that in the Blaster case, the 
power grid fell victim to a 





NEWS 


worm that attacked the com- 
munications infrastructure. 

However, the control sys- 
tems themselves are also at 
risk. 

Current and former energy 
industry executives, as well as 
the former Bush administra- 
tion security adviser, told 


| Computerworld on condition 


of anonymity that the January 
outbreak of the Slammer 
worm affected the real-time 
control environment of “sev- 
eral” utility companies around 
the country. 

One of those companies was 
Akron, Ohio-based FirstEner- 
gy Corp. Although FirstEnergy 
has said publicly that Slammer 
didn’t infect any of the control 
systems at its Davis-Besse nu- 
clear power plant in Oak Har- 
bor, Ohio, knowledgeable 
sources said the worm did 
cause disruptions. However, 
the plant was in “cold shut- 
down maintenance mode” and 
wasn’t producing electricity at 
the time, the sources said. 
FirstEnergy didn’t respond to 
a request for comment. 

“Because Slammer didn’t 
cause any loss of power, it 
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Recommendations 
For SCADA Security 


= Protect SCADA system net- 
works from the Internet and other 
company networks via firewalls. 


s Firewall rules should deny all 
network traffic that isn’t specifi- 
cally required for the operation of 
the critical system and supported 
operations. 


For open ports, restrict traffic 
to those addresses from which such 
traffic is expected. 


= Do not permit VPN tunneling 
through the SCADA network securi- 


= Restrict remote access to 
SCADA networks. 


wasn’t reported by the utilities 
that were infected,” said an in- 
dustry executive who had dis- 
cussions with utility officials. 
A spokesperson for the 

North American Electric Reli- 
ability Council (NERC), which 
is helping to spearhead a task 
force to study the causes of 


Power Grid IT Contract Up for Bid 


WASHINGTON 

The electric power industry this 
week plans to take the first step in 
a $100 billion modernization pro- 
gram by requesting bids for a con- 
tract to develop an advanced 
modeling and simulation system 
capable of advising utilities on 
what actions to take in the event 
of a local power failure. 

The contract process is being 
spearheaded by the Electricity In- 
novation Institute (Ell), a high- 
tech research and development 
arm of the Palo Alto, Calif.-based 
Electric Power Research Institute 
(EPRI). 

The technological centerpiece 
of the EPRI plan is what's known 
in the energy industry as a “smart 
grid” capable of monitoring its 
own health at all times. It would 
alert officials immediately when 
problems arise and automatically 
take corrective actions that en- 
able the grid to fail gracefully and 
prevent a local failure frorn cas- 


cading out of control, as occurred 
on Aug. 14. 

T.J. Glauthier, CEO of the Ell, 
said the group plans to start 
demonstration projects and small- 
scale deployments of the model- 
ing and simulation system in less 
than five years. He said real-time 
vulnerability assessments are 
possible in a year. Glauthier said 
the bids are being requested for a 
“multimillion-dollar” contract, but 
he declined to elaborate on cost 
expectations. 

“Right now, there are sensors 
in some places, but not through- 
out the whole grid,” said Glau- 
thier. “So utilities don’t have a 
good instantaneous picture of 
what's happening.” 

The goal is for all of the na- 
tion’s utilities to have the model- 
ing tools necessary to simulate 
failures and their responses. That 
will allow them to determine in 
near real time what the conse- 
quences of those actions might 
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last month’s blackout, de- 
clined to comment on the role 
the Blaster worm may have 
played. However, a NERC re- 
port dated June 20, 2003, 
shows that the Slammer worm 
had a significant impact on 
some utilities. 

In one case, a server on a 
control center LAN running 
Microsoft’s SQL Server wasn’t 
patched, according to the re- 
port. “The worm ... apparent- 
ly [migrated] through the cor- 
porate networks until it finally 
reached the critical SCADA 
network via a remote comput- 
er through a VPN connec- 
tion,” the report states. As a 
result, “the worm propagated, 
blocking SCADA traffic.” 

In a second case documented 
by Princeton, N.J.-based NERC, 
a frame-relay-based control 
network using Asynchronous 
Transfer Mode “became over- 
whelmed by the worm, block- 
ing SCADA traffic.” D 


COMPLETE COVERAGE 


Read our “Blackout 2003” special 
coverage on our Web site: 


QuickLink a3550 
www.computerworld.com 


be for the larger national grid. 

The natural gas industry has 
used modeling and simulation for 
several years to improve decisicn- 
making during crises. 

“We used modeling and simu- 
lation this past year when looking 
at the potential for disruption in 
the interstate pipelines due to ter- 
rorism,” said Gary Gardner, ClO of 
the Washington-based American 
Gas Association. However, “the 
nature of gas pipelines is such 
that you can more easily segment 
and reroute supply,” he said. 

Joe Weiss, an analyst at Kema 
Consulting and a former technical 
manager at the EPRI, said indus- 
try standards are critical. 

“Standards are currently being 
developing in numerous different 
standards organizations, both in 
North America and internationally. 
There is a need for integration be- 
tween these different standards 
organizations” before any major 
modernization program can move 
forward, he said. 

-Dan Verton 
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Use of RFID Raises | 


Privacy Concerns 


‘Smart’ tags could 
profile consumers, 
critics contend 


BY JAIKUMAR VIJAYAN 
RIVACY CONCERNS re- 
lated to the use of ra- 
dio frequency identifi- 
cation (RFID) tech- 

nology got an airing at a re- 

cent California state legisla- 
tive hearing. 

RFID is a nascent technolo- 
gy that’s expected to eventual- 
ly replace bar codes. It uses 
low-powered radio transmit- 
ters to read data stored in tags 
that are embedded with tiny 
chips and antennas. 

Proponents of the technolo- 
gy say such “smart” tags can 
store more detailed informa- 
tion than conventional bar 
codes, enabling retailers and 
manufacturers to track items 
at the unit level. 

But privacy advocates who 
testified at the California 
hearing late last month said 
the technology has the poten- 
tial to seriously infringe on 
personal privacy. 

“If ever there was a technol- 
ogy calling for public-policy 
assessment, it is RFID,” said 
Beth Givens, director of the 
Privacy Rights Clearinghouse, 
an advocacy organization in 
San Diego. “RFID is essential- 
ly invisible and can result in 
both profiling and locational 
tracking of consumers without 
their knowledge or consent.” 

Placing RFID tags on con- 
sumer products will allow 
merchants to capture personal 
information about shoppers, 
Givens said. 

For example, the informa- 
tion contained on RFID tags 
could be picked up by readers 
in a store to reveal where a 
consumer purchased an item 
or how much he paid for it. 
This could result in unaccept- 
able profiling of consumers, 
she said. 





The unique information 
contained in each RFID tag 
could also be captured by vari- 
ous readers and used to track 
a person’s movements through 
tollbooths, public transporta- 
tion and airports, Givens said. 

“So far, the development 
and implementation of RFID 
has been done in a public- 
policy void. What is needed 
is a formal technology assess- 
ment process to be done by 
some sort of a nonpartisan 
body comprised of all stake- 
holders, including con- 
sumers,” she said. 


Inadequate Systems Play Role in 
Columbia Disaster, Report Finds 


That sentiment was echoed 
by Liz McIntyre, a spokes- 
woman for Consumers 
Against Supermarket Privacy 
Invasion and Numbering, a 
consumer advocacy group 
that also testified at the 
hearing. 

“Without some sort of over- 
sight, this technology could 
create a very frightening soci- 
ety,” McIntyre said. 

“RFID per se is not the big 
issue,” said Greg Pottie, an en- 
gineer at the Center for Em- 
bedded Network Sensing at 
i the University of California at 





Agency failed to integrate critical data 








BY DAN VERTON 
WASHINGTON 

Spaceflight is an inherently 
risky business, but the Nation- 
al Aeronautics and Space Ad- 
ministration’s reliance on 
e-mail and a flimsy spread- 
sheet application helped turn 
risk into disaster. 

That’s one of the main con- 
clusions of last week’s long- 
awaited final report by the Co- 
lumbia Accident Investigation 
Board (CAIB). The board con- 
cluded that “deficiencies in 
communication... were a 
foundation for the Columbia 
accident.” 

The CAIB, chaired by re- 
tired Navy Adm. Hal Gehman, 
painted a picture of a massive 
bureaucracy that relied on in- 


formal e-mail communications | 


to manage the in-flight analy- 
sis of the damage to Colum- 
bia’s left wing by a piece of in- 
sulating foam that broke loose 
during takeoff. 

This led to a series of dis- 
cussions that took place in a 
vacuum, with little or no 


cross-organizational commu- 
| nications and often no feed- 
back from senior managers 


| contacted by low-level engi- 
| neers with concerns about the 
| shuttle’s safety, the report said. 


In its attempt to answer why 


| aseemingly IT-savvy agency 


would rely on little more than 


| e-mail to communicate critical 


analyses, the CAIB discovered 


| that there were deficiencies in 


problem- and waiver-tracking 


| systems, and that the exchange 
| of communications across 
| NASA hierarchy was limited. 











Los Angeles. “The major ques- 
tions relate to sharing of digi- 
tal information, however that 
information is collected.” 

A representative from AIM 
Inc., The Association for Au- 


| tomatic Identification and 


Data Capture Technologies, a 
Pittsburgh-based proponent of 
the use of RFID technology, 
also testified at the hearing 


| but didn’t return calls seeking 
| comment. However, the orga- 


nization has created a work- 
group that’s focused on ad- 
dressing privacy concerns 
relating to RFID. 

According to the organiza- 
tion’s Web site, it believes that 
“RFID presents no more of a 
threat to individual privacy 
than the use of cell phones, 


| toll tags, credit cards, the use 
| of ATM machines and access- 


control badges.” DB 


| assurance personnel use it 
only on an ad hoc basis, there- 
| by limiting its utility.” 


The CAIB report also 


| slammed NASA for its re- 
| liance on a modeling and sim- 


| ulation tool called Crater that 


A major element in NASA's 
management and decision- 


| making failures was its inabili- | 


ty to integrate critical safety 
information and analysis, the 
report said. “The agency’s lack 
of a centralized clearinghouse 
for integration and 
safety further hin- 
dered safe opera- 
tions,” it said. 

And while NASA 
does have an auto- 
mated system in 
place to track so-called critical 
items related to safety, “the in- 
formation systems supporting 
the shuttle — intended to be 

tools for decision-making — 

are extremely cumbersome 
and difficult to use at any 
level,” the report said. 

“The Lessons Learned In- 
forrnation System database 
is a much simpler system to 
use, and it can assist with 
hazard identification and 
risk assessment,” the board 
concluded. “However, per- 
sonnel familiar with the 
Lessons Learned Informa- 
tion System indicate that de- 

sign engineers and mission 





To read the CAIB re- 
port and transcripts 
of NASA's response, 
visit our Web site: 

@ QuickLink a3570 
computerworld.com 


was, in the board’s opinion, 

‘inadequate” to evaluate the 
damage caused to Columbia 
by the foam impact. 

In fact, Crater is nothing 
more than a spreadsheet that 
matches the size of debris 
strikes with damage 
to protective heat 
tiles based on tests 
and observations 
from previous shut- 
tle flights. 

NASA Adminis- 


| trator Sean O’Keefe said the 


agency plans within the next 


| 30 days to establish a NASA 
| Engineering and Safety Center 


to act as the central clearing- 
house for all safety data inte- 


| gration and collaboration as 


recommended in the report. 

In addition, he said, engi- 
neers will be researching ways 
to communicate more data 


| from shuttle sensors to ground 


control centers to give offi- 
cials more accurate real-time 
data. They will also work on 
improving the digitization of 
shuttle engineering drawings 
to expedite safety investiga- 
tions, O’Keefe said. B 
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CA Agrees to Settle 
Class-Action Suits 


Computer Associates Interna- 
tional Inc. said it has agreed to | 
settle three class-action lawsuits 
that were filed five years ago 
over its accounting practices. CA 
will take a pretax charge of $144 
million during its current quarter 
to cover the deal, under which it 
will issue up to 5.7 million 
shares of new stock. The settle- 
ment won't affect ongoing gov- 
ernment investigations of CA’s 
accounting policies, the Islandia, 
N.Y.-based company said. 


Siebel Adopts New 


Governance Rules 


Siebel Systems Inc. in San Ma- 
teo, Calif., plans to make several 
corporate governance changes 
as part of an agreement to settle 
an excessive-compensation law- 
suit filed last year by the Teach- 
ers’ Retirement System of 
Louisiana. Among other steps, 
the CRM software vendor said it 
will add a new board member 
and ensure that only outside di- 
rectors serve on its executive 
compensation committee. 


Amazon Targets 
E-mail Spoofers 


Amazon.com Inc. said it has filed 
11 lawsuits against online mar- 
keters in the U.S. and Canada, 
claiming that they illegally used 
its name in spam e-mail. One of 
the alleged e-mail forgers has 
agreed to a settlement, it added. 
The Seattle-based online retailer 
said it’s working with Internet 
service providers to find techni- 
cal ways to make it harder to 
spoof e-mail addresses. 


Short Takes 


SILICON GRAPHICS INC. said it 

will cut 600 more jobs, reducing 
its workforce to a total of 3,000 
employees. . . . SUN MICROSYS- 
TEMS INC. and HITACHI LTD. ex- 
tended through 2006 a deal un- 
der which Sun resells Hitachi- 

made storage devices. | 





MARK HALL 


NEWS 


2 ON 


THE MARK 


Sun Disputes Claim 


That Java Handhelds ... 


. lack the security of other Java systems [QuickLink 40320]. Tim 
Lindholm, CTO of Sun’s consumer and mobile systems group, ac- 
knowledges that a Java-ready cell phone doesn’t have everything in 
your desktop’s Java virtual machine. But to imply that a mobile de- 
vice’s JVM is less secure, “is something we think is an oversimplifica- 
tion,” he argues. He says the famous Java “sandbox” that refuses to 
execute code outside of its domain, thus ensuring software security, 


remains in force. There are more than 
100 million Java devices on the market, 
and “we’ve never had anyone break the basic 
sandbox,” he claims. Some class libraries 
that handle cryptographic functions were 
the only things removed from a hand- 
held’s JVM. Those are important features, 
but Lindholm suggests that the move is- 
n’t so much a security problem for users 
as it is “an inconvenience for program- 
mers” who want to encrypt data to and 
from the handset. And Java mobile units 


will get even more secure next waco when 


device vendors start ship- 
ping Java handhelds with 
secure HTTP, which will 
handle encryption via Se- 
cure Sockets Layer. ® Part 
of the problem that faces Web 
developers using Java, claims 
Hollis Tibbetts, vice presi- Gr 
dent of marketing at M7 City, 
Corp. in Cupertino, Calif., is 
that “as you start adding 
multiple back-end systems 
and packaged applications 
along with business proc- 
esses, Java becomes diffi- 
cult to maintain.” To the 


rescue in three weeks will be the release 
of the company’s upgraded Java develop- 


| er suites, M7 Enterprise 4.0 and M7 Pro- 


| 
| 


Lie RsrZemee lee Wee icles 
to a giant corporation’s 
supply chain will get more 
se ” the end of Q4 when 


EV AMS Tele G 
Vara CY UES) 
chain tool. It will come with 
features like RFQ manage- 
ment, Web services and 
enhancements for the ver- 
rica el Pel 


fessional 4.0. Both are designed to permit 
the rapid prototyping of Java applica- 
tions. Probably more important will be 
the ability to revise the code of live Web 
pages. The enterprise version also adds 
compatibility with webMethods Inc:’s ap- 
plication connectors, and both versions 
will be ready to support the Struts frame- 
work for Java developers. ® If your Web 
el is intended to generate busi- 
5 ws ness — and whose isn’t? — 
= you'd better know what vis- 
itors are doing on your site. 
But if you rely on analytical 
tools that depend on a Web 
site’s log files, as so many 
do, you’re using technology 
that has “inherent miscalcula- 
tions.” So claims Geoff Si- 
mon, president of Acclivity 
LLC, a start-up in North- 
ridge, Calif. His $99-a- 
month Precision Tracking 
service will analyze your 
site’s traffic in real time us- 
ing the internal session 


in Redwood 





www.computerworld.com 


cache. Data from it, he purports, can help 
you “optimize your site to get users to do 
what you want them to do.” You can sign 
up for a free 15-day trial of the service at 
www.acclivitymarketing.com. What’s 
more, the service can link its visitor- 
tracking data to opt-in customer commu- 
nications, thus improving the effectiveness 
of your spam, er, e-mail marketing campaigns. 
= If they truly are opt-in messages, the 
spam-filtering technology from Front- 
Bridge Technologies Inc. is designed to 
let them pass through. That’s because the 
Marina Del Rey, Calif., company is build- 
ing a reputation as an ace spam fighter that 
eliminates false positives. Most spam filters 
regularly snag a few e-mails that you re- 
ally want, forcing you to dig through long 
lists of porn come-ons and scams from 
central Africa so as not to miss an impor- 
tant missive. San Francisco-based Ferris 
Research estimates that false positives cost 
U.S. companies about $50 per employee, or 
$3.5 billion per year. Dan Nadir, Front- 
Bridge’s vice president of marketing, says 
most spam filters depend on e-mail users 
creating their own whitelists, which 
specify given domains or correspondents 
whose messages you want to receive. He 
dismisses that approach as “ceding re- 
sponsibility to the user.” In addition to 
blacklists and other techniques, Front- 
Bridge’s TruProtect Message Manage- 
ment Suite service uses a powerful rules- 
based engine that runs through 10,000 
rules to determine whether a message is 
spam or legitimate. The result: The com- 
pany “guarantees” only one false positive 
per | million messages while eliminating 
virtually all spam. Because spammers 
continue to improve their techniques, 
however, FrontBridge intends to add 
technology by month’s end that will track 
spammers to their source servers and 
block all messages from them. Almost 
makes you pity the poor spammer. D 





PeopleSoft Renews Its 
Anti-Oracle Refund Offer 


BY TODD R. WEISS 
PeopleSoft Inc. last week said 
it has reinstated a refund offer 
that would entitle buyers of its 
business applications to get 
their money back, and more, if 
the company is bought out 
and the new owner discontin- 
ues PeopleSoft products. 

The so-called customer as- 
surance program gives new 
and upgrading customers 
guarantees that they will be 
paid two to five times the cost 


of their software licensing 
contracts if the triggering 
events occur, according to 
PeopleSoft officials. 

The Pleasanton, Calif.-based 
company first instituted the 
money-back guarantee in June, 
after Oracle Corp. announced 
its hostile bid to acquire Peo- 
plesoft [QuickLink 39343]. The 
strategy was aimed at keeping 
worried users from delaying 
purchases, and it appeared to 





work: PeopleSoft reported 





higher-than-expected sales for 
the second quarter and said 
more than half of its license 
revenue came from deals that 
involved the refund offer. 
PeopleSoft ended the refund 
program at the end of June, 
but spokesman Steve Swasey 
said it’s being brought back 
now because Oracle’s takeover 
bid is still in play. “There has 
been a lot of uncertainty 
caused by Oracle,” he said. 
“This thing has lingered on.” 
No expiration date has been 
set on the offer, he said. 
PeopleSoft’s decision to 
again offer refunds was “a 
sharp move,” said Michael 





Dominy, an analyst at The 
Yankee Group. “It’s a brilliant 
sales strategy.” He added that 
he was one of many analysts 
who didn’t expect PeopleSoft 
to meet its second-quarter 
sales forecast before it turned 
to the refund strategy. 

But Oracle spokeswoman 
Deborah Lilienthal said the 
customer assurance program 
“is nothing more than an un- 
sustainable gimmick.” The re- 
fund offer “is a moot point be- 
cause Oracle will support all 
of PeopleSoft’s customers for 
a period that far exceeds the 
support deadlines PeopleSoft 
intends to meet,” she added. D 








The body coordinates 639 muscles to meet changing demand. 


IBM ‘TotalStorage 


re. 


Neue oem Sele oh chal 
changing demand. On demand. 





8 COMPUTERWORLD September 1, 2003 


NEWS 


Users Turn to Automated 
Patch Management ‘Tools 


Blaster, other 
worms highlight 
need for protection 
BY JAIKUMAR VIJAYAN 
OPING to better pro- 
tect themselves 
against escalating 
security threats 
such as the W32.Blaster worm, 
user companies are taking a 
fresh look at automated patch 
management technologies. 
These products, which are 
available from a growing num- 
ber of vendors, help users look 
for new patches, scan their 
networks for vulnerable sys- 
tems and automatically dis- 


tribute the appropriate patches | 


when required. But they don’t 
lessen the need for companies 
to thoroughly test patches be- 
fore deploying them on their 
networks, users said. 

In the wake of its experi- 
ence dealing with Blaster, Bak- 
er Hill Corp., a Carmel, Ind.- 
based application service 
provider, has deployed auto- 
mated patch management 
technology from Ecora Soft- 
ware Inc. in Portsmouth, N.H. 

For about $5 per system per 
year, Ecora’s software alerts 
Baker Hill of new patches, 
scans its networks for systems 


eeeeescceccsesescess 


Corrections 

The Hands On Reviews feature in 
our Aug. 25 Technology section 
("Handhelds Try to Do it All”) in- 
correctly listed a secure digital 
expansion slot as one of the fea- 
tures built into Handspring Inc.'s 
Treo 300 handheld device. The 
overall grade and value for the 
money rating that were given to 
the Treo 300 remain the same. 


ir our Aug. 25 issue's Q&A with 
Microsoft Corp. Vice President 
dim Allchin, the value of the con- 
tract between Microsoft and the 
Department of Homeland Securi- 
ty was stated incorrectly. The 
correct value is $90 million. 





| that need them and automati- 
| cally distributes them, said 


Eric Beasley, senior network 
manager at Baker Hill. The 
technology lets the company 
schedule patch deployment 


| for specific groups of systems 


and enables it to quickly roll 
back patches that don’t work. 
“Till now, we felt we didn’t 
have the business case to say 
we want to spend money on a 
patch management system,” 
Beasley said. But threats such 
as Blaster have highlighted the 
need for companies to “patch 
very aggressively,” he said. 
Vendors offering patch 
management products include 
Shavlik Technologies LLC in 
Roseville, Minn., St. Bernard 
Software Inc. in San Diego and 
PatchLink Corp. in Scottsdale, 


| Ariz. Some vendors, such as 


Ecora and Configuresoft Inc. 


| in Woodland Park, Colo., offer 
| patch management functions 


as a component of their con- 
figuration management soft- 
ware. And Microsoft Corp. of- 
fers a similar function with its 
Software Update Services. 
Driving the need for such 

tools is the simple fact that 
manual processes aren’t suffi- 


| cient to enable companies to 


stay current with patches, said 
Anthony DeVoto, Windows 


| NT administrator at Volvo 


Finance North America in 


| Montvale, NJ. 


There is a need for tools 
that help companies “more 
readily identify patches that 
are applicable to their specific 
operating environments,” said 
Carl Cammarata, chief infor- 
mation security officer at 
AAA Michigan in Dearborn. 

With the dramatic increase 
in the number of vulnerabili- 
ties being reported, it has be- 
come important for compa- 
nies to have tools that can au- 
tomatically deploy only the 


patches that matter, users said. 


According to the CERT Co- 
ordination Center in Pitts- 
burgh, more than 4,000 soft- 
ware vulnerabilities were re- 





ported in 2002, compared with 
2,400 in 2001. Just under 2,000 
were reported through July of 
this year. 

“Patch management seems 
to have found itself a full-time 
position within IT security de- 
partments,” DeVoto said. 

Volvo is a user of St. Ber- 
nard’s patch management soft- 
ware and was able to deploy 
the patches for Blaster in a 
matter of hours, DeVoto said. 
Despite the automatic distrib- 





ution that’s enabled by St. 
Bernard, no patching is done 
without testing the software 
first, DeVoto added. 

The fact that patches still 
need to be tested before they 
can be deployed has Bruce 
Azuma, corporate director of 
information technologies at 
Broadview, Ill.-based Wilbert 
Inc., considering outsourcing 
the company’s patch manage- 
ment functions. “Patching is an 
area... we have a lot of issues 
with at this time,” he said. D 


MORE BLASTER 


Read more about the Blaster worm on our 
special coverage page: 
QuickLink a3580 
www.computerworld.com 
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PRODUCT INFO 


Asampling of patch 
management products: 


VENDOR: Shavlik Technologies 
PRODUCT: HFNetChkPro 


COMMENTS: Deploys patches in 
several environments, including 
Windows NT, XP and 2000; 
Windows Server 2003; Microsoft 
Exchange; and Java virtual 
machines. 
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VENDOR: St. Bernard Software 
PRODUCT: UpdateExpert 


COMMENTS: A new feature in 
the latest version allows the soft- 
ware to be managed by Hewlett- 
Packard Co.'s OpenView. 





Network Associates Adds Low-End 
Management and Security Tools 


Pricing about half the cost of Sniffer line 





BY MATT HAMBLEN 

Network Associates Inc. last 
week announced network and 
security management software 
for small and midsize users, 
saying that the products top 
out in price at about half of 
the $12,000 starting cost for its 
enterprise-class Sniffer tools. 

The new Netasyst Network 
Analyzer software is designed 
for use in managing 10/100 
Ethernet installations and 
802.11 wireless networks at 
companies with up to 500 end 
users, said Chris Thompson, 
vice president of product mar 
keting at Network Associates 
in Santa Clara, Calif. 

Netasyst can automate net- 
work and application prob- 
lem-resolution efforts and 
provide IT managers with 
packet-level data about net- 
work performance and the 
functioning of firewalls, intru- 
sion-detection systems and 
other security technologies, 
Thompson said. 

Austin Bank began testing 
Netasyst early last month on 
a network that supports oper- 


| ations at 19 branch offices, 


said Jeff Sowell, a network en- 
gineer at the Jacksonville, 
Texas-based bank. The bank 
has used the tool to monitor 





slow response times on a Mi- 
crosoft SQL Server database 
application and to track an 
apparent network intruder, 
who turned out to be a tele- 
phone technician who was us- 
ing the network for mainte- 
nance purposes without noti- 
fying the bank. 

Sowell said he looked at 
several network management 
products but liked the idea 
of using a tool from a well- 
known vendor. In addition, 
Netasyst turned out to be easy 
to use. An Expert Analysis fea- 
ture “is handy for somebody 


Netasyst 
Network Analyzer 





like me that doesn’t do this 
every day,” he said. “It makes 
any idiot pretty good at ana- 
lyzing traffic.” 

Network Associates is pri- 
marily known as a vendor of 
security software for large 
companies, said Stephen 
Elliot, an analyst at IDC in 
Framingham, Mass. But the 
network management market 
for smaller businesses is frag- 
mented and not well served by 
management tools vendors 
such as IBM’s Tivoli Software 
unit, Computer Associates In- 
ternational Inc. and Hewlett- 
Packard Co., Elliot said. 

The closest competitors to 
Netasyst are products from 
Ipswitch Inc. in Lexington, 
Mass., WildPackets Inc. in 
Walnut Creek, Calif., and Net- 
work Instruments LLC in Min- 
neapolis, he added. 

Netasyst is based on tech- 
nology that’s used in the Snif- 
fer product line, Thompson 
said. But the new offering will 
be sold as software, whereas 
most of the Sniffer products 
are appliances that include 
both software and dedicated 
hardware. 

Another distinction be- 
tween the two technologies is 
that Netasyst won’t work on 
Gigabit Ethernet networks or 
over WANs, Thompson said. D 
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Military Unit Expands Use of Monitoring 


Tools to Detect Performan 


‘Transcom measures application | 
response times with robotic probes | 


BY MATT HAMBLEN 
The US. military’s unified 
transportation unit is expand- 
ing a deployment of network 
management tools and robotic 
PCs that monitor 
end-user experi- 
ences on the global 
system used to make 
sure that troops, 
weapons and supplies arrive 
on time and in the right places. 

The U.S. Transportation 
Command (Transcom) for 
more than a year has been us- 
ing 24 PCs that function as au- 
tomated probes in an effort to 
detect performance problems 
affecting users at its 1,100- 
worker headquarters at Scott 
Air Force Base in Belleville, Ill. 
Now, the unit is beginning to 
roll out the technology for use 
on the transportation systems 
run by the U.S. Air Force, 
Army and Navy. 

Frank Barncord, a civil ser- 
vant who is team leader of 


Nae 
CU 


Transcom’s service-assurance 
section, declined to disclose 
details about the wider de- 
ployment plans. But he said 
Transcom is expanding the 
use of the automat- 
ed probes to the 
various military 
branches because 
the technology has 
helped improve performance. 
The command's IT staff 

“has been able to identify ser- 
vice failures ahead of system 
failures,” Barncord said. “We 


when something is wrong.” 
The robotic PCs used by 
Transcom are equipped with 
BMC Software Inc.’s Patrol 
End-to-End Response Timer 
software, which starts at 


custom reporting tools. 
The PCs are programmed to 
periodically run different appli- 





| time it takes to access databas- 


Dell to Release Network 
Management Software 


Tools are free for users of its switches 





BY MATT HAMBLEN 
Dell Inc. this week will an- 
nounce a set of network man- 
agement tools that it plans to 
offer at no extra cost to users 
of its PowerConnect line of 
switches. 

The OpenManage Network 
Manager software is designed 
to help IT staffers centralize 
the management of PowerCon- 
nect installations that include 
more than 10 switches, said Ul- 
rich Hansen, a senior product 


manager at Dell, which entered | 


the market for networking 
equipment two years ago. 
Network managers will be 
able to use the software to de- 
ploy firmware updates and 


change the configurations of 
multiple switches with a sin- 
gle operation, saving time and 
money compared with doing 
such work on individual de- 
vices, Hansen said. In addi- 
tion, the new products, which 
join existing OpenManage 
tools for servers and PCs, can 
track networking gear made 
by rival vendors, diagnose net- 
work problems and schedule 
data backup operations. 

Dell’s network management 
tools could be useful to IT 
managers at small and midsize 
businesses, said Stephen Elliot, 
an analyst at IDC in Framing- 
ham, Mass. But he added that 
| they won’t compete against 





| don’t want customers to tell us | 


$5,000 per system, plus a set of | 


cations and measure how much | 
| problems that might otherwise 


ce Glitches 


es, internal Web pages and oth- 


| er computing resources. 


Barncord said Transcom 


| built a prototype of the system 
| in 2001, two years after it 


launched a project involving 


| the use of eight other BMC Pa- | 
| trol products to manage differ- | 
ent systems on its network. 


After the initial Patrol in- 


| stallation, Transcom recorded 
| a 239% increase in its average 

| time between system failures, 
| according to Barncord. But 


that still wasn’t enough to im- 


| prove end-user performance 


to desired levels, so the com- 


| mand turned to the robotic 
| PCs. The deployment at 


Transcom headquarters began 
several months after the 
prototype was demonstrated 


| in September 2001. 


| Undetected Problems 


Doug Story, a lead contractor 
at NCI Information Systems 
Inc. in McLean, Va., who is 
working with Transcom, said 


| the PCs can alert systems ad- 


ministrators to performance 


OpenManage 

Network Manager 

includes: 

= Discovery and mapping of 

i 

= Management of devices on an 
individual basis or in groups 

= Event management when 
network problems occur 


® Automated scheduling of 
maintenance and upgrades 


= Performance monitoring 


| the software suites sold by 

| BMC Software Inc., Computer 
| Associates International Inc., 

| Hewlett-Packard Co. and 

| IBM’s Tivoli Software unit for 
| managing large networks. 


Instead, Dell’s technology is 


| comparable to Cisco Systems 


Inc.’s CiscoWorks software 
and products developed by 


go undetected. 

For example, about 
two months ago, the PCs 
detected slow user re- 


| sponse times on a variety 
| of applications, which 
| were traced two days lat- 


er to a proxy server that 


| tually, a database admin- 


| needed to be defrag- 
| mented. 








had been improperly re- 


booted, Story said. 


And six months ago, 
when some end users 
were moved to a fail- 
over site, the PCs found 


| slow response times, 


even though Transcom’s 


| network monitoring 


tools showed everything 
running properly. Even- 


istrator identified the 


culprit: a database that 


Transcom is about to begin 
a thorough study of the effec- 


| tiveness of BMC’s tools. But 
| Lt. Col. Scott Ross, a spokes- 


man for the command, said 


| the software has helped Trans 


com perform much more effi- 
ciently during operations in 
Iraq and Afghanistan than it 


| was able to do during the Per- 
| sian Gulf war in 1991. 


Jean-Pierre Garbani, an ana- 


lyst at Forrester Research Inc. 


Lexington, Mass.-based Ip- 
switch Inc., Elliot said. 

Steven Cartwright, director 
of systems and support at Om- 
nium Worldwide Inc. in Oma- 
ha, said the financial services 
firm plans to test Dell’s soft- 
ware on its network, which in- 
cludes 80 PowerConnect 
switches that are deployed in 
networking closets and its 
data center. 

Omnium already uses Open- 
Manage technology to control 
about 1,000 PCs and 100 
servers made by Dell, so the 
network management tools 
“will really fit well in our envi- 
ronment,” Cartwright said. 

The company has been us- 
ing the PowerConnect switch- 
es for the past 18 months. The 
Dell devices cost about one- 
third as much as comparable 
switches from market leader 
Cisco and have performed 
well, Cartwright said. But he 
added that Omnium plans to 


ae 


PME AM Rear um amelie) 
Transcom, is using robotic PCs to help 
ensure that troops have what they need. 


| in Cambridge, Mass., said that 
| Transcom’s use of robotic PCs 
| to measure end-user perfor- 
| mance is advanced compared 
with what most IT depart- 
| ments do. 
But he added that corporate 
network managers should 
| make similar measurements, 
| “because applications have 
grown so complex that no- 
| body has a good picture of 
how an application works.” D 


| keep using Cisco products as 
its primary data center switch- 
| es and put PowerConnect on 
the edges of its network. 
Another Dell user, Intervet 
Inc. in Millsboro, Del., also 
| plans to evaluate the new 
| management software as its 
| network grows larger, said 
| Chad Elliott, a technology 
| team leader at the maker of 
| animal health care products. 
Intervet has installed four 
Dell switches as well as de- 
| vices made by Cisco. The net- 
| work management tools will 
| add to the “whole equation” for 
justifying the use of Dell’s hard- 
ware, Elliott said. “From what 
| I’ve heard about the software, it 
does sound valuable,” he added. 
Dell offers eight PowerCon- 
nect products and has sold 
| about 50,000 of the switches 
thus far, according to Hansen. 
“We're still a recent addition 
| to the market, and we have 
| room to grow,” he said. D 
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Overseer Calls for 
Changes at MCI... 


WorldCom Inc.’s court-appointed 
monitor filed a report recommend- 
ing 78 corporate governance 
changes at the company, which 
now does business under its MCI 
brand name. Included is a separa- 
tion of the chairman and CEO jobs 
now both held by Michael Capel- 
las. MCI said its board worked col- 
laboratively on the report and has 
already voted to adopt all of the 
recommendations. 


. . » While Oklahoma 
Charges Company 


Meanwhile, Oklahoma’s attorney 
general filed 15 felony charges 
against MCI and six of its former 
executives over the accounting 
scandal that ied to its bankruptcy 
filing. MCI said it will cooperate 
but claimed that pursuing the case 
would punish its customers and 
employees. Also, MCI launched an 
offer to buy the remaining shares 
of Digex Inc., a Laurel, Md.-based 
hosting vendor in which it owns a 
controlling interest. 


Attack Takes Down 
SCO’s Web Site 


The SCO Group Inc.’s Web site 
was inaccessible from Aug. 22 
through Aug. 25 because of a 
denial-of-service attack, the sec- 
ond attack launched against the 
Lindon, Utah-based company 
since May. The site was also off- 
line for about 10 hours on Aug. 
26. But SCO, which is mounting 
a controversial legal campaign 
against Linux, said that outage 
was due to work it did in an at- 
tempt to mitigate the effects of 
any future attacks. 


Short Takes 


MIT confirmed that one of its Web 
sites was taken off-line after 
hackers overwrote all of the site’s 
files... . COMDISCO HOLDING CO. 
in Rosemont, Ill., plans to seil the 
assets of its U.S. IT equipment 
leasing business to BAY4 CAPITAL 
PARTNERS LLC in Tampa, Fla. 
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First U.S. Automated 
Alert Net Goes Live 


RAINS-Net a model 


| for possible national 


system, creators say 


BY DAN VERTON 
FTER 16 months of 
development and 
testing, a public/pri- 
vate security part- 
nership based in Oregon has 
activated what’s being de- 
scribed as the nation’s first 
fully automated, Web-based 
regional security alert system 
Known as RAINS-Net and 


developed by the Regional Al- 


liances for Infrastructure and 
Network Security, a partner- 
ship of 60 IT vendors and 
more than 300 public and pri- 
vate organizations, the system 
will provide automated alerts 
from the Portland 911 center to 
schools, hospitals, corporate 
building managers and others. 
The network, which started 
as a pilot project in March, has 
applications for any national 


| system that the U.S. Depart- 





ment of Homeland Security 
(DHS) might try to create. 
Charles Jennings, chairman 
of the RAINS alliance, and 
others have already briefed 
the DHS on the network and 
obtained federal assistance 
in setting up and designing 
RAINS-Net to be capable of 
supporting future homeland 
security requirements. 

There are currently two 
RAINS chapters, in Oregon 
and Washington state. How- 
ever, RAINS executives are in 
discussions with three other 
states about expanding the 
network and alliance member- 
ship, Jennings said. 

Jennings said other states 
could replicate the RAINS ap- 


| proach for much less than the 


$5 million initial development 
price — a bargain, he said, 
given the payoff. RAINS-Net 
in Oregon is the result of a 
$60,000 state grant, thousands 
of hours of volunteer software 
development work and tech- 
nologies donated by big IT 





companies that are based in 
Oregon or have a major pres- 
ence there, including Intel 
Corp., Fortix Inc., Tripwire 
Inc., Swan Island Networks 
Inc. and Centerlogic Inc. 
“Our nation’s security ex- 
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perts have acknowledged the 
need for a better way to com- 
municate sensitive informa- 
tion and to coordinate emer- 
gency response, [which is] 
especially critical in post-9/11 
America,” said Susan Zevin, 
acting director of the Informa- 
tion Technology Laboratory 

at the National Institute of 
Standards and Technology in 
Washington. “The RAINS-Net 
approach can serve as a model 
that could be adopted by cities 
throughout the nation.” D 


RAINS-Net System 
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Vendor Upgrades Tools for Detecting 
Security Flaws During App Development 


BY JAIKUMAR VIJAYAN 


| Security vendor Sanctum Inc. 


last week announced an en- 
hanced version of its AppScan 
software suite aimed at help- 
ing companies detect and fix 
security flaws during applica- 
tion development. 

Sanctum’s AppScan 4.0 
suite features new automated 
testing tools that enable qual- 
ity assurance (QA) and audit 
staff to test Web applications 
for security defects before 
they’re deployed. 

The AppScan 4.0 QA edi- 
tion allows quality testers to 
automatically create cus- 
tomized scripts for testing, 
comparing and validating po- 
tential security defects in Web 
applications, according to 





Steve Orrin, Sanctum’s chief 
technology officer. 
Integrating security testing 
into the application develop- 
ment life cycle is a lot more 
efficient than finding flaws in 
the postdeployment phase, 
when the risks and costs are 
much higher, said Pete Lind- 
strom, an analyst at Spire Se- 
curity LLC in Malvern, Pa. 


The Earlier the Better 


Health equipment manufac- 
turer The Nautilus Group in 
Vancouver, Wash., has used an 
earlier version of Sanctum’s 
software to test for defects in 
Web applications that have al- 
ready been deployed. 

“What we found out was 
that it was very expensive to 





catch security omissions and 
mistakes” at that stage, said 
Mark Shmulevsky, a systems 
architect at Nautilus. As a re- 
sult, the company recently be- 
gan using Sanctum’s testing 


NEW PRODUCT 


Creates customized tests 
for application security. 


m Facilitates communication 
of defect root cause to 
developers and other 
personnel. 


Exports results to standard 
defect tracking and man- 
agement systems. 
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tools during the application 
development and quality test- 
ing processes as well, with im- 
pressive results, he said. 

The tools enabled Nautilus 
to discover flaws in code that 
could lead to threats such as 
cookie poisoning, code injec- 
tion and manipulation, and 
buffer overflows on the Inter- 
net, according to Shmulevsky. 

“My developers were very 
pleased to know they could 
concentrate on sizing buffers 
to prevent overflows during 
the early development stages,” 
Shmulevsky said. 

Sanctum isn’t alone in this 
particular market. Other ven- 
dors with similar tools include 
SPI Dynamics Inc. in Atlanta, 
KaVaDo Inc. in New York and 
Cenzic Inc. in Campbell, Calif. 

“Any large company that is 
doing significant Web devel- 
opment is looking at these 
tools,” Lindstrom said. B 
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Global Standard Will Force Changes in Banks’ IT | 


Tighter database integration, new risk 
management engines will be needed 





BY LUCAS MEARIAN 
A proposed international reg- 
ulation that would require 
banks to tighten their integra- 
tion of different back-office 
systems and use more sophis- 
ticated risk management tools 
is expected to be finalized in 
the fourth quarter, thus push- 
ing companies to begin cap- 
turing customer data for com- 
pliance purposes by late 2004. 
The Bank for International 
Settlements (BIS) in Basel, 
Switzerland, is overseeing 
development of the new stan- 
dards, and it plans to require 
the 10 largest U.S. banks to 
comply by the end of 2006. 
From an IT standpoint, the 
proposal being considered by 
the BIS calls for banks to take 
steps such as developing 
rules-based risk management 
engines and knitting together 
customer databases. 
Complying with the new 
Basel Capital Accord, which 
is known as Basel II, could 
cost the U.S. financial ser- 
vices industry $12 billion by 
2006, according to a report re- 
leased last month by Tower- 
Group in Needham, Mass. 
Approximately 20 of the 
nation’s largest banks would 
likely have to spend between 
$50 million and $100 million 
each on technology in order to 
minimize the amount of mon- 
ey they must keep in reserve 
to offset credit and business 
risks, said TowerGroup ana- 
lyst Guillermo Kopp. 


Exercising Caution 

If it’s approved as expected, 
Basel II will increase the mini- 
mum amount of money that 
banks need to set aside to cov- 
er potential risks, which cur- 
rently equals 8% of the total 
capital they have on hand. The 
regulation will also add a new 
category of operational risk 
management, involving possi- 
ble problems such as late pay- 
ments or trades that don’t get 
processed because of systems 
or data-entry errors. 





But Basel II would provide 
undetermined financial incen- 
tives for institutions that man- 
age risk more proactively 
through the use of rules-based 
engines and internal reporting 


standards, Kopp said. He added | 


that improved automation of 
internal processes also could 
produce money-saving effi- 
ciencies and help users mini- 
mize their exposure to risks. 

Nonetheless, the Basel II 
proposal is generating con- 
cerns among both large banks 
and smaller institutions. 

For example, America’s 


McData Aims to Buy Its Way 


NEWS 


Community Bankers (ACB), a 
trade group in Washington 
that represents local banks, is 
opposed to Basel II as it cur- 
rently stands. ACB spokesman 
Jim Eberle said the group be- 
lieves that requiring the instal- 
lation of sophisticated IT sys- 
tems would place an unfair fi- 
nancial burden on small banks 
and savings-and-loan firms. 
“Tt’s our understanding that it 
does require a big outlay for a 
| small institution to be able to 
do the calculations for internal 
| risk models,” Eberle said. 
Meanwhile, Citigroup Inc. 
Chief Financial Officer Todd 
Thomson said in a July 31 let- 
| ter to the BIS committee shep- 
| herding the Basel II proposal 





To Better Storage Switches 


Plans to acquire 
two vendors, 
invest in a third 
BY LUCAS MEARIAN 
McData Corp. last week an- 
nounced plans to acquire two 
vendors of storage networking 
products and invest in a third 
company, as part of an effort to 
gain a functionality edge over 
storage switch rivals Brocade 
Communications Systems Inc. 
and Cisco Systems Inc. 
Broomfield, Colo.-based 


McData said it will buy Nishan 


Systems Inc. for $83 million in 
cash and pay $102 million for 
Sanera Systems Inc. In addi- 
tion, McData is paying $6 mil- 
lion to Aarohi Communica- 
tions Inc. for a 15% ownership 
stake and the right to use the 
San Jose company’s software 
and processors in a new line 
of intelligent switches. 
Together, the three deals 
are designed to help McData 
broaden its existing line of di- 
rectors for Fibre Channel stor- 
age-area networks (SAN) to 
include storage-over-IP capa- 
bilities. The technology addi- 
tions will also expand the port 
count on the devices it sells 


from a maximum of 140 now 
to 256, said Mike Gustafson, 


| wide marketing at McData. 
Sunnyvale, Calif.-based San- 
| era previewed its 256-port 
DS10000 Datacenter-Class 
Director at the Storage Net- 
working World conference in 
April but has yet to 
ship the product. 
Gustafson said that 
| in addition to the 
higher port count, 
a key technology 
| being developed by 
| Sanera is dynamic 
partitioning, which lets IT 
| managers carve up a switch 
| in order to support different 
applications separately. 
Nishan, which is based in 
| San Jose, makes multiprotocol 
switches that use the Internet 
Fibre Channel Protocol and 
Internet SCSI to transport 








senior vice president of world- | 





ARRAY UPGRADE 


IBM beefs up its FAStT600 
midrange disk array 
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Taking on Risk 
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E together islands of cus- 
tomer data to better track their 
transaction records. 
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operational risks. 


that measures proposed in the 
latest revisions would place 
banks on an uneven playing 
field with one another and put 


block-level data over Ether- 
net. Nishan’s switches encap- 
sulate Fibre Channel and SCSI 
data packets with IP headers, 


| allowing users to connect 


low-end servers to SANs for 


SANs. 

Gustafson said McData ex- 
pects to close the acquisition 
deal by October and then im- 
mediately make Nishan’s 
switches available to storage 
vendors on an OEM basis. 
Sanera’s switch is 
in beta-testing and 
is due for shipment 
in next year’s first 
quarter, he added. 

Support for the 
Fibre Channel over 
IP protocol also 
is in McData’s product plans, 
and the company intends to 
bring together the new de- 
vices and its existing switches 
under a single management 
platform. 

Denis Van Dale, network 
administrator at Steinbach 
Credit Union Inc. in Stein- 
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il 


them at a disadvantage against 
other financial services firms. 
The policy-based systems 
envisioned by BIS would be 
tied to so-called advanced 
measurement approaches re- 
quiring at least two years of 
historical transaction data 
about customers. To meet 
Basel II’s 2006 compliance 
deadline, banks would have 
to begin implementing the 
advanced policy engines and 
capturing data next year. 
According to TowerGroup’s 
report, U.S. banks with inter- 


| national operations will be 


hardest hit by Basel II’s in- 
creased capital reserves re- 
quirement. But the impact of 
the new regulation will be felt 
more widely, Kopp noted. 


| “Over time, everybody will 


need to comply,” he said. D 


| bach, Manitoba, uses Nishan’s 


switches to replicate banking 
data and other information 


| from the company’s primary 
| data center to a backup site 
| over a wireless IP network 

data backups or to link remote | 


[QuickLink 37171]. 

Van Dale said that for now, 
he’s not concerned about 
diminished support for the 
switches in light of the Mc- 
Data buyout. But, he added, 


| “time will tell.” 


| Follow the Leader 


Tom Buiocchi, director of 
product marketing at San Jose- 
based Brocade, claimed that 
McData is simply playing 


| catch-up with it and Cisco. 


“This is a well-known pro- 
gression in technology that 
the other two of us have been 


| offering for some time now,” 


Buiocchi said. For example, 


| Brocade obtained storage- 
| over-IP capabilities when it 
| bought Rhapsody Networks 


Inc. in January. 
But Nancy Marrone-Hurley, 


| an analyst at Enterprise Stor- 


age Group Inc. in Milford, 
Mass., said McData has now 
surpassed Brocade on func- 


| tionality and is going head-to- 


head with Cisco, which also 
has a director-class SAN 
switch with IP capabilities. 
“Brocade needs to play 
catch-up,” she said. “They’re 
the ones that are behind.” D 
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OPINION 


MARYFRAN JOHNSON 


Rogue Warriors 


HO’S IN CHARGE HERE? When it 
comes to IT projects, that would be 
you and your technology group, right? 
If only reality would stop intruding. 


If only there were no 
such thing as “rogue IT,” 
the catch-all term for 
those unauthorized, inde- 
pendent purchases of 
technology that scoot be- 
neath the radar of almost 
every sizable IT shop. 

This uninvited influx may 

include anything from 

wireless devices, PDAs 

and Linux desktops to in- 

stant messaging or PC 

applications. In “Dealing 

with Rogue IT,” our lead management 
story on page 27 (and online at Quick- 
Link 40666), reporter Gary H. Anthes 
examines the numerous creative ways 
senior IT managers are coping with 
these bootleg projects. 

To get a quantitative fix on how 
serious the problem is, we surveyed 
108 IT professionals on Computer- 
world.com and found that a rather as- 
tonishing 90% were all too aware of 
rogue projects under way in their 
companies. One figure in particular 
leapt out, making it harder to casti- 
gate those unruly users for taking 
matters into their own hands: Our 
survey respondents admitted that 
38% of their unauthorized IT projects 
were successful. 

Not a bad score for a bunch of 
amateurs. 

Of course, the downsides of rogue 
IT can be just as striking. Money 
squandered. Business operations dis- 
rupted. Company security compro- 
mised. Small departmental systems 
blossoming into expensive, badly de- 
signed enterprise applications. Ca- 
reers scuttled. As one CIO in our sto- 
ry lamented in the aftermath of a mi- 
nor ERP disaster, “Had they come to 
us ... we'd have helped them choose 
[the right product], helped write the 
scope of work, identified consultants, 
identified hardware and generally 
played a significant advisory role.” 





Those last three words 
are the ones to focus on: 
significant advisory role. 
The future of IT isn’t 
about command and con- 
trol — it’s about forging 
deeper, more supportive 
relationships with your 
business users. Engage 
them. Enlighten them. 
Enable them. 

“When I look at the IT 
of the future, it really be- 
comes a lot more of a 

competency center, for program man- 


| agement, contract management, rela- 


tionship management,” says Greg 
Schueman, CTO at Mercury Insur- 
ance Group in Los Angeles. He sees 
the definition of rogue IT evolving in 
a more positive direction, and he 
hopes that IT organizations will 
evolve with it. 

How to do that? Consider trying 
some of these ideas: 

@ Focus on the bright financial up- 
side. Funding IT projects through the 
business units just about guarantees 





more dedicated ownership and in- 
volvement on their parts. 

@ Infiltrate user departments wher- 
ever feasible. At Geisinger Health Sys- 


| tem, the IT people who support the 


lab equipment share space with the 
user experts who manage and run it. 

@ Encourage a certain amount of 
user exploration, but keep tabs on it. 
At Blue Cross and Blue Shield of Min- 
nesota, business users get all the lee- 
way they want during the technology 
assessment phase of a project. But 
once system design and development 
kick in, so does the IT group. 

@ Make sure all the likely suspects 
in your business units are familiar 
with your corporate technology stan- 
dards, including databases, PCs, oper- 
ating systems, e-mail and query tools. 
Make it known which vendors are pre- 


ferred partners. Who wants to pay full | 


price when there’s a bargain available? 

@ Ask yourself some hard questions 
about why users are hiding their tech- 
nology needs from you. How much 
static is there on those communica- 
tion lines between IT and the busi- 
ness units? 

Finally, assume that rogue installa- 
tions will increase in the future, and 
plan accordingly. Figure out how to 
join forces. Become their expert ad- 
visers. Get back in charge. D 
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Dodge Spam 
By Going 
One-to-One 


GIVE UP. 
After spending hours 
battling Blaster worm 
variants and setting e-mail fil- 


ters to block Sobig.F, I surren- 
der. The e-mail spammers, hackers and 
miscreants win. I no longer expect 
e-mail to function consistently. It acts 
more like a vintage automobile that 
takes constant tinkering. For essential 
communication, it’s time to look else- 
where. 

A promising alterative is a one-to-one 
communications channel that bypasses 
e-mail entirely. (No, I’m not talking 
about the telephone.) Ironically, this so- 
lution comes from the same group 
blamed for lots of spam: marketers. 

RealConnect is a 
small client-side ap- 
plication that works 
with a transactional 
server. It creates a 
one-to-one private 
communications 
channel. And it was 
designed by San 
Rafael, Calif.-based 
DataLode Inc. to give 
marketers a way to 
reach customers. 

The transactional 
server waits for a connecting agent 
(the thin client) to be verified and in 
real time relays information over an 
open port. For example, a user might 
ask a trusted online vendor for a travel 
itinerary based on price and date. When 
and if that information is matched 
against a database, a one-to-one mes- 
sage is sent in the form of an icon, an 
audio alert or an instant message. The 
one-to-one message can have an SMTP 
wrapper enabling interaction with 
back-end systems and navigation 
through corporate firewalls. 

The procedure was created because 
messages customers had requested 
(for example, “Send me details when a 
product is on sale for 50% off”) were 
being blocked as spam. Indeed, online 
travel company Orbitz uses the tech- 
nology to notify people who have al- 
ready approved the receipt of offers. 

While this one-to-one private chan- 
nel was built to make selling easier, 
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issues in this tough economic 
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how top IT executives and 
managers at companies like 
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Benefit From the Most Comprehensive Program 

No other storage event gives you a program so rich with experiences - whether they're 
industry and pre-certification primers, general sessions, tutorials, opportunities to see 
technologies at work ... or the rare chance to talk to the very engineers that make them work. 
Easily Navigate an Agenda Packed 


With Choices and Learning Experiences 


No other storage event provides an agenda woven with so many logical choices - choices that 
allow you to tailor your valuable time to your very specific needs. (See the full agenda at 
www.snwusa.com.) 


Get an Education Endorsed by the SNIA 


No other storage event offers a learning experience developed and sanctioned by the industry's 
most influential storage association - highlighted by the SNIA-delivered technical tutorials. 


Meet Experts and Shop in the Largest Available 
Storage-specific Solution Mall 


No other storage event allows you to see all the players and solution providers in one place. 
It's literally your one-stop “solution mail.” 


See SNW’s 
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Flagship Interoperability & Solutions Demo 


No other storage event gives you: 

* 40-plus SNIA member companies collaborating 
on integrated solutions 

* the opportunity to meet 
leading experts and engineers 

* access to $25 million worth 
of proven technology in action 


UPS, AOL and many others are 


and Security 
Emerging Technologies 


= IDC Storage Analyst Briefing 
Learn the State of the Storage Market: 
2004 and Beyond 


In this special briefing,* IDC’s key storage analysts will present the 
latest industry data, insights and analysis on trends affecting storage 
vendors. In these interactive presentations, IDC’s analysts will bring 
you up to speed on the current and future state of markets for stor- 
age arrays, SAN infrastructure, storage components, storage man- 
agement software, and storage services. Analysts will also address 
topics including: 
* New technology adoption (SATA, iSCSI, 4GB FC) 
© Emerging storage architectures (content aware storage, 

nearline storage, tiered storage) 
© New storage network infrastructure (virtualization, networked storage 
* Evolving paths to market for storage solutions 


*This session is intended for IT vendors; no non-IDC analysts permitted 
in this special session. 


Enjoy Orlando’s NEW 
JW Marriott Grande Lakes Resort! 


No other storage event 
allows you to learn, 
network and enjoy the 
conference in such a 
relaxing, comfortable 
and unique setting. 
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Tuesday, October 28 
(General Conference - 

75am-8:15am meats reakest 
8:15am-9:15am Opening Remarks and Visionary Presentation 
9:15am-1215pm Gi 

12:15pm-1:30pm 

1:30pm-3:50pm 

4:00pm-5:30pm Technical, Technical/Business and Business Tracks 


5: _5:30pm- 8:30pm m-8:30pm Expo and Butfet Dinner, Dinner, interoperabuity and Solutions Demo — 


Wednesday, October 29 


(General Conference - Day Two) 


7:30am-10:30am {DC Breakfast Briefing 

8:15pm-Noon General Sessions 

Noon-1:30pm Expo and Buffet Lunch 

Noon-7:15pm Interoperanility & Solutions Demo 

1:35pm-3:35pm General Sessions 

3:45pm-5:15pm Technical, Technical/Business, Business and SNIA Tracks 
5:15pm-7:15pm Expo 

7:30pm-9:00pm Gala Evening 


“Thursday, April 17 


(Tutorial and Breakout Sessions) 


7:30am-8:30am Continental Breakfast 
8:30am-11:45am Technical, Technical/Business, Business and SNIA Tracks 
1:45am Conference Concludes 


“Best Practices in Storage” 
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General Conference Package (Oct. 28, 29): $895 
(Includes General Conference sessions, Expo. 
Meals and Receptions) 


jay Package (Oct. 27, 
(Includes General Conference Package: Technical cal 
Business Tracks; SNIA-produced Tutorials: Pre-certification 
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Total 4-day Package (Oct. 27, 28, 29, 30): $1,290 $1,690 
(Available to Sponsoring \  Resellers/Integrators; Industry fants; and Storage Solutions Implementors 


No Sponsoring/Exhibiting Vendor Package: $5,000 


* TT End-Users are defined as those who are attending Storage Networking World with an intent (and an IT spending budget) to potentially buy/pur 
chase hardware/sottware/services/e‘c. from our conference sponsors and exhibitors. As such, account representatives/business development from 
any company, analysts, venture capitalists, and anyone else attending who does not have IT purchasing influence within their organization are 
excluded from the “IT End-User” designation. Enforcement of this interpretation and policy is at the sole discretion of Computerworid. Questons? 
Please call 1-300-883-9090. 


** Vendors are encouraged to participate at Storage Networking World through sponsorship. (Details are availabie by calling Ann Harris at 
1-508-620-8667.) Alternatively, vendors (as well as venture capitalists, equity analysts, and other “non-IT end-user” professionals as defined by 
Computerworld), may apply for registration at the “non-sponsoring vendor” rate. Determination of what constitutes a “non-sponsoring vendor” 
registration is at the sole discretion of Computerworld. You will also be required to adhere to our non-solicitation policy posted on-site. 


Travel and 
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Awards Program 


Golf Outing 
Complimentary for Registered IT Users IDG Travel is the official travel @ID 
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Awards Ceremony: cal 800-340-2262 (or 1-500-820-8159) 


Wednesday, 
October 29, 3:05pm, SNW Main Stage For details: contact Chris Leger at 1-508-820-8277 


Submit your nomination today at : 


For more information and to register, 
visit WWW. en or call 1-800-883- 9090 (1-508-820-8159) 
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companies can also use it to keep em- 
ployees tuned into specific corporate 
events or information without relying 
on e-mail. And because this channel 
comes as a service with tools designed 
for marketers, there’s no need to have 
an army of programmers setting up ex- 
piration dates for messages, directories 
of approved recipients or preferences 
for the look and feel of the messages. If 
you can make a PowerPoint presenta- 
tion, you can use this. 

Another spam problem is storage. 
Your systems may be storing this junk 
(desktops certainly are) without your 
knowledge. With one-to-one private 
communications, you specify what’s to 
be kept and what’s not. Also, this type 
of communication isn’t browser-based, 
so you're not at the mercy of security 
snafus related to viewing the Internet. 

One-to-one communication isn’t for 
everything — and there’s still the issue 
of replying securely — but it’s an inno- 
vative alternative when you know 
you're licked. D 


THORNTON MAY 


Redefining 
‘Heroic’ [T 
Leaders 


URING the past eight 

months I have been 

deeply involved ina 
multiyear global research 


project involving hundreds of 
CIOs and aimed at better understand- 
ing the evolving CIO “habitat.” I’ve dis- 
covered that it’s a varied and exotic 
ecosystem, indeed. 

The data collected puts the compa- 
nies surveyed into four performance 
categories: 


22% 


Paying particular attention to perfor- 
mance inflection points (that is, the 
practices that separate poor IT shops 
from average IT shops, average IT 
shops from good IT shops and so on), 
the data revealed several competency 
areas affecting overall performance of 
IT organizations. 

One area of operational excellence 
inherent to all of the world-class IT 


shops in the sample was a 
“managed mind-set” toward 
IT. The concept of a man- 
aged mind-set shouldn’t be 
trivialized as academicspeak 
or spin, nor should it be de- 
monized as mind control. 

Progressive CIOs in our 
research have revised how 
they think about IT. At the 
core of the rethinking was a 
fundamental change in the 
perception of what consti- 
tuted heroic IT. 

Popular culture paints he- [eee 
roes in bold, John Wayne strokes, por- 
traying them as bigger-than-life per- 
formers riding in to save the day. Day- 
to-day workers are often stereotyped as 


| Dilbert-like victims or George Babbitts, 


practitioners of narrowmindedness and 
selfishness, like the antihero of Sinclair 
Lewis’ novel Babbitt. 

Analysis of the academic literature 
on heroism indicates a perceptual bias 


| 





that demands certain pre- 
conditions for heroism to 
occur. That is, for someone 
to become a hero, some- 
thing perceptibly bad or 
extraordinary must happen 
first. It is no accident that 
America’s most respected 
presidents all served dur- 
ing times of great national 


trauma, though not all trau- 


ma leads to greatness. 
In “old-think” IT shops 
(those not in the world- 
= class category), staffers 
perceived as heroes are the ones who 


fix things when they break, do multiple | 
| you should be using in your company. 

| You'll be surprised at how many of 

| them you'll find in your organization. D 


| WANT OUR OPINION? 


all-nighters to deliver projects close to 
deadline or deliver to business users 
what they were told was impossible to 
achieve. But how efficient is that ap- 
proach? 

CIOs are no stranger to heroic cir- 
cumstances. Indeed, 63% of the CIOs 
in the Global 2,000 arrived at their po- 


| sition heroically — they’re generally 


regarded as having salvaged a desper- 
ate situation left by a predecessor. 

As an optimistic futurist, I am obli- 
gated to ask: In a world where IT does- 
n’t break down as much as it does to- 
day, in a world where IT is well run, 


| will there be opportunities for IT he- 
} roes to emerge? 


World-class IT shops have redefined 
IT heroism to include the everyday he- 
roes who build systems that run as 
promised, who are unafraid of personal 
responsibility and who are unwilling to 


| accept quick fixes that gloss over prob- 
| lems without getting to their roots. 


This is the definition for IT heroes 





More columnists and links to archives of previous 
columns are on our Web site 
www.computerworld.com/columns 





READERS’ LETTERS 


Outsourcing Acceptance Is Hard to Find 


AS DAVID MOSCHELLA con- 
sidered the security issues of 
code being generated in parts of 
the world that are hostile to the U.S. 
[“Outsourcing is Good,” QuickLink 
40327]? In the same issue that this 
column ran, just look at the front 
page and the description of Dan 
Verton’s book Black Ice on cyber- 
terrorism. 
Steve Farley 
Account executive, 
PPT Inc., Lancaster, Pa., 
sfarley@pptnet.com 


UNDERSTAND the business case 

for moving jobs overseas, but 
since a significant portion of Ameri- 
Ca's tax base is derived from these 
jobs, | have to wonder why our 
politicians have never done more to 
protect them. Maybe we haven't 
yelled loud enough yet. Then again, 
maybe David Moschella is right. 
Maybe it's natural for aging indus- 
tries to send jobs overseas, even 
jobs that serve the American public 
directly. Maybe we should embrace 
that trend and expand it to other in- 
dustries that are overdue for mod- 
ernization. As a start, | know some 
guys in India who would make very 
good opinion columnists. 
David Woodham 
Software engineer, 
Raleigh, N.C. 


AIR POINTS ALL by David 

Moschella. | remember the steel 
industry contraction of the 1980s 
and "90s, but the scary thing about 
the IT contraction is that it has been 
about 10 times faster. Overnight, 
the perception of technical people 
has gone from being wizards, gurus 
and (affectionately termed) geeks 
to being duil, commodity drones. 
Job security has vanished. Things 
will eventually come back into bal- 
ance, but this trend will extract a 
steep human cost in the meantime. 
Companies that exploit conditions 
ruthlessly risk a backlash either 
from the government or from work- 
ers when the market and worker 
mobility improve. 
Timothy Wood 


San Francisco 


OMETIMES in the marketplace, 
short-term economics wins 
over what's wise for the longer term. 

If we lose out on exploiting the tal- 
ents of a highly trained pool of pro- 
fessionals simply on the basis of 
cost per thousand lines of code or 
hourly pay, we risk not only our 
country's security but also the com- 
petitiveness of U.S. companies 
around the world. It's been said that 
the modern economy is global and 
the problems local, but the U.S. 
risks giving away the local competi- 








| tive advantages it has in its work- 


force through political neglect and 
a short-term focus. 

Charles Olson 

Consulting software engineer, 
Auburn Mass., 
ctosw@yahoo.com 


UTSOURCING will spell nothing 

but long-term economic trouble 
for our country. In these times of 
huge deficits and tax refunds, cor- 
porations that lay off and send IT 
jobs offshore are assisting in further 
weakening our country’s economic 
engine. Middle-class workers pay 
federal income taxes, Social Securi- 
ty taxes and Medicare taxes. Corpo- 
tations receive far too many tax 
breaks to make up the difference. 
Every job lost to a foreign land 
means that an American taxpayer is 
no longer helping to fund our de- 
fense, social services and health 
care. Where will that money come 
from? Yes, outsourcing will be a 
short-term win for corporate Ameri- 
ca’s bottom line, but the long-term 
effects will be monstrous. 
Vernon E. Bell 
Chicago 


HERE IS Computerworld dig- 

ging up columnists like David 
Moschella and Ward Larkin [“Off- 
shore Outsourcing Is Less of a 
Threat Than You Think,” QuickLink 
40490]? Surely their articles are a 





| test to see if people are reading the 


publication and if they'll respond to 


| patent hogwash. Both Moschella 


and Larkin fail to mention the erod- 


| ing effect on the U.S. when every- 


thing is produced offshore and 
shipped in, and they neglect to 
speak to the cultural mismatches 
that will show up, not only in the 
software produced, but also in the 
most basic of communications. 
Their acceptance of the IT out- 
sourcing trend is appalling. While 
it's true that businesses will do what 
they feel to be in their best interest 
and that getting upset won't do any 
good, lying down in spineless ac- 
ceptance will do far less. 

Nick Bronzan 

CEO/CTO, 

USInvestments Publishing 
Corp., Colorado Springs, 
nickbronzan@earthlink.net 


| COMPUTERWORLD welcomes 


comments from its readers. Letters 
will be edited for brevity and clarity. 
They should be addressed to Jamie 
Eckle, letters editor, Computerworld, 
PO Box 9171, 500 Old Connecticut 
Path, Framingham, Mass. 01701. 
Fax: (508) 879-4843. 

E-mail: letters@computerworld.com. 
Include an address and phone num- 
ber for immediate verification. 


For more letters on these and 
other topics, go to 
www.computerworld.com/letters 
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Want to cut your IT costs without sacrificing 
performance? PRIMEPOWER Servers from Fujitsu. 


The secret is out. PRIMEPOWER™ Solaris”- compatible 

servers from Fujitsu’ deliver a major breakthrough in 

price/performance compared to our more famous 

competition. Want proof? PRIMEPOWER servers offer 

such an advantage that the world’s leading com- 
panies use them to boost their performance. And there’s a 
PRIMEPOWER server that’s right for any application you need— 
from single CPU, rack-mounted servers to enterprise-ready 
systems that scale to 128 CPUs for unsurpassed performance in 
the data center. 


Of course, it’s not just the hardware you’re buying. It’s also 
Fujitsu’s 30+ years of experience supporting high-perform- 
ance, mission-critical systems. We’ve already helped many 
companies consolidate their IT infrastructures and lower their 
Total Cost of Ownership. Our free white paper, The Why and 
How of Server Consolidation, explains how. Get your copy at 
www. ftsi.fujitsu.com/ad. Or call (877) 905-3644. 


oO 
FUJITSU 


THE POSSIBILITIES ARE INFINITE 


©2002 Fujitsu Corporation Limited. Fujitsu and the Fujitsu logo are registered trademarks of Fujitsu Limited. PRIMEPOWER is a trademark or registered trademark of Fujitsu Limited in the United States and other countries. 
Solaris is a trademark or a registered trademark of Sun Microsystems, Inc. in the United States and other countries. 
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FUTURE WATCH 


Genoa Il: Man and 

Machine Thinking as One 

IT may soon make it possible for 
humans and computers to “think to- 
gether” in real time to anticipate and 
preempt terrorist threats. Page 22 


Stretching Tape Technology 

Tape is still the main backup 

medium for most organizations and 

is likely to remain so for at least another 
10 years as vendors prepare faster 

drives, better management tools and tapes 
that can hold terabytes of data. Page 20 





HEN YOU HAVE con- 
solidated computer 
systems from 500 cor- 
porate acquisitions, 


IT integration. 
Indeed, nothing so distinguishes IT 


to which it seamlessly links major sup- 
ply systems — its own and those of 
customers and suppliers. The $5.5 bil- 


office supplies for the business market 
has, in essence, become an ex- 
tension of the procurement sys- 
tems of its largest customers. 
“Integration is one of our core 
competencies,” says CIO Lisa 
Peters, who has seen her IT 


300 in the past nine years. 

Corporate Express has for years tak- 
en orders for furniture, paper, comput- 
er supplies and other office products 
by telephone, fax and electronic data 
interchange. In 1997, it began offering 
customers Internet-based procure- 
ment via a simple CD-ROM catalog. 
Now, more than half of its 75,000 daily 
orders arrive electronically, most as 


. 
Vice Presidents Bret Mclniss (left) and Wayne Aiello integrated E-Way with customers’ systems. 
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WITH CUSTOMERS’ PROCUREMENT 
SYSTEMS. BY GARY H. ANTHES 


ress Goes 


LASHING COSTS BY INTEGRATING TIGHTLY | 


you get pretty good at | 


at Corporate Express Inc. as the degree | 


lion, Broomfield, Colo.-based vendor of | 
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shop grow from 12 people to more than 
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SECURITY MANAGER’S JOURNAL 


New Spam Policy: 

Return to Sender 

Vince Tuesday’s strategy to automati- 
cally return suspected spam before it 
can hit users’ mailboxes works per- 
fectly — almost. Page 23 


XML transactions through a richly fea- 

tured Web portal called E-Way. 

The smailest of Corporate Express’ 
30,000 customers, which typically lack 
their own automated procurement sys- 
tems, log onto E-Way and conduct pur- 
chasing transactions much as a con- 
sumer might at Amazon.com. These 
buyers have also placed many of their 

| unique procurement rules into E-Way, 
so that, for example, E-Way checks 
budgets, buyer authorizations and oth- 
er controls for customers. 

But 750 of the company’s 
largest customers — which ac- 
count for some 80% of its sales 
“volume — have a more direct 

connection to E-Way. Corporate 

Express has integrated E-Way 
into the processing fabric of their in- 
ternal procurement systems. That in- 
volved integrating with some 40 differ- 
ent commercial packages from compa- 
nies ranging from Ariba Inc. to Com- 
merce One Operations Inc. and eScout 
LLC. These customers start to build 
orders locally, but then bridge to 
E-Way by leveraging the integration 
features offered by each vendor’s prod- 
uct. For example, Corporate Express 
uses PunchOut for integration with 
Ariba, RoundTrip for Commerce One, 
ConnectScout for eScout and so on. 

Although customers can maintain 
their own versions of the Corporate 
Express catalog, more often the cata- 
logs are maintained by and at Corpo- 
rate Express. Every catalog is tailored 
to its user’s format, terminology and 
buying practices. 

“E-Way knows all the customer rules 
— for example, that they don’t buy 
desks from us, so desks will be blocked 
out,” says Wayne Aiello, vice president 
of e-business services. “E-Way actually 
becomes the customer’s system, so 
every customer has to be examined 
and treated differently.” 

Corporate Express is doing about 10 
new customer integrations per month. 
They take 10 to 20 days — with require- 
ments definition, coding and testing tak- 
ing equal amounts of time -— but the 
first few projects took 10 times that long. 
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The E-Way Architecture 


Behind the scenes in the E-Way system, 
customer orders, acknowledgements, 
invoices and other transactions flow be- 
tween customers and E-Way as XML 
transactions by way of two Internet ser- 
vice providers. 

Orders from small and midsize cus- 
tomers that use E-Way as their procure- 


ment system go to the E-Way Web serv- 


er and pass through the webMethods In- 
tegration Platform server directly into In- 
Vision, Corporate Express’ ERP system 
Orders from the 750 large customers 
whose own e-procurement systems have 
been integrated with E-Way interact with 
Integration Platform from webMethods. 
Integration Platform is the enterprise 
application integration (EAI) “layer” that 
ties Corporate Express’ e-commerce, ERP, 
warehouse management and financial 
systems. After some translating and for- 
mat standardization, the EAl layer sends 
the transaction to the InVision ERP sys- 


tem, where it’s processed like any other or- | 


der. InVision sources the order and sends 
it to its own warehouse or to a whole- 


saler for pickup and delivery the next day. \ 


E-Way is a three-tier system. At the 


top sit five Sun Microsystems Inc. Solaris ! 


servers running Apache Web server soft- 
ware. Files, such as catalog page im- 


“The hardest thing three to four 
years ago was that nobody in the in- 
dustry had done it,” Aiello says. “XML 
was the buzzword, but it was really 
new. Platforms like Ariba and Com- 
merce One were beginning to get a lot 
of hype, but there weren’t people who 
had actually implemented them.” 

The company buys off-the-shelf soft- 
ware when it can, but much of E-Way 


ages, are stored on a Linux server and 


! then cached on Solaris Web servers us- 


ing the Open AFS enterprise file systern. 


i The second tier, a JBoss application 


server, is a combination of JavaBeans 
and servlets. It shares a big Sun Fire 15K 


' server with the third tier, the Oracle data- 


base server running PL/SQL procedures. 
Corporate Express is migrating the 
E-Way application code from Oracle 
PL/SQL to Java 2 Enterprise Edition 
(J2EE). That will allow separation of pre- 
sentation functions from business logic in 
JavaServer Pages, making code more 
modular and hence easier to maintain, says 
Bret Mclnnis, vice president for e-busi- 


i ness technologies. It will also make code 


more scalable and efficient, he says. The 
J2EE architecture will use several open- 
source software tools, such as Struts, Tiles 
and Velocity - frameworks for developing 
Java applications that facilitate breaking 
applications into their functional parts. 
Finally, Trigo Technologies Inc.'s 
Product Center software maintains 


! product catalog information and publish- 


es it to E-Way and other systems. The 4i 


4 eContent Server from Documentum Inc. 


maintains an archive of Web site con- 
tent, including reports and billing. 
- Gary H. Anthes 


and its other supply systems were devel- 
oped in-house. Commercial packages of- 
ten aren’t scalable or flexible enough 
to accommodate the unique needs of 
customers, the company says. For exam- 
ple, Corporate Express developed its 
own search engine tailored to the char- 
acteristics of an office supply catalog. 
Unocal Corp. in El Segundo, Calif., 
used to buy from Corporate Express by 





telephone and fax, but has now inte- 
grated its Oracle Corp. procurement 
system with E-Way. Michael Comeau, 
e-procurement tools manager at Uno- 
cal, says he likes E-Way’s ability to 
send all invoices to a central point for 
payment, its buying controls and its or- 
der-tracking ability. “Maverick spend- 
ing is reduced tremendously,” he says. 
Meanwhile, Trisha Smallwood, 


manager of mail center operations at 


The Kroger Co. in Cincinnati, says she 
likes E-Way because it saves her five 
minutes on every order. No more fill- 
ing out an order form, faxing it and 
waiting for confirmation. The process 
is made even simpler, she says, by 
E-Way’s ability to maintain a list of 
items that Kroger orders frequently as 
well as the special prices and terms 
that the grocery chain has negotiated. 


Data, Data, Everywhere 


Corporate Express used software from 
webMethods Inc. in Fairfax, Va., to in- 
tegrate its major logistics and financial 
applications. The webMethods tool 
provides flexibility in deciding where 
data and logic are best placed, says Bret 
McInnis, vice president for e-business 
technologies at Corporate Express. 

For example, warehouse inventory 
balances change constantly, so E-Way 
makes a synchronous call through web- 
Methods to Corporate Express’ cus- 
tom-developed InVision ERP system 
to retrieve balances when they’re re- 
quested by an online customer. But 
pricing data is more static, so pricing 
algorithms and data about customers 
and products that are in PL/SQL pro- 
cedures in InVision are replicated to 
E-Way using SharePlex from Quest 
Software Inc. in Irvine, Calif. 

“Tt basically sniffs the Oracle logs 
and replicates the data in real time,” 
McInnis says. “We wrap that Oracle 
code in a JavaBean, so we call the exact 
same algorithm that InVision calls to 
get the customer’s price.” 

A performance advantage comes 
from being able to price an item just 
when it’s needed. Previously, every 
combination of item price and cus- 
tomer was stored in a table that soon 
grew to an unwieldy 1 billion rows, he 
says. Moreover, changes to price, cus- 
tomer and item data can be made in 
just one place and replicated elsewhere 
as needed. And use of an integration 
tool like webMethods effectively allows 
software to be used in multiple places 
without rewriting it, McInnis adds. 

Optimum placement of data and logic 
are critical when dealing with a high 
volume of low-margin transactions, 
McInnis says. “Performance and scala- 
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Getting to 
Real Time 


E-Way started out with a much simpler 
objective. “When it started, it was es- 
sentially a one-way order system, an 
online catalog,” says Wayne Aiello, vice 
president of e-business services. “They'd 
find a product and send an order into In- 
Vision,” the company's ERP system. 

That has changed, however. “It's 
transforming itself into a two-way inter- 
face between us and the customer,” he 
says, “so as we continue to add more 
transactions, we are bringing more in- 
formation from our supply chain forward 
to the customer.” 

Corporate Express has a number of 
supply chain and financial systems, plus 
interfaces with the systems of its suppli- 
ers. Any information from those sources 
is potentially available to present to cus- 
tomers using the webMethods integra- 
tion tool. Corporate Express already 
uses that tool to retrieve real-time inven- 
tory balances from its InVision system 
and send them to customers via E-Way. 
But if an item isn't in stock, it doesn’t tell 
buyers when it might be on the shelves 
again. Soon E-Way will also retrieve the 
item’s estimated date of receipt based 
on the supplier's information system. 

Corporate Express also plans to push 
more order-status information to cus- 
tomers, including who signed for a de- 
livery at the customer site. A point-of- 
delivery device will capture that data 
and send it via a service of Aether Sys- 
tems Inc. to a warehouse management 
system, where webMethods can grab it 
and present it to the E-Way user. 

~ Gary H. Anthes 


bility are always huge issues for us,” he 
says. “Our average order size is [small], 
so it takes a lot of transactions for $5 
million a day on our Web site.” 

While grabbing data using web- 
Methods is “theoretically easy,” Aiello 
says, optimizing performance is not. 
“At any point, we have thousands of 
people on the site placing orders. Mak- 
ing something available to 3,000 users 
simultaneously is a challenge.” B 
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As backup needs grow, tape vendors 
are preparing faster drives, better 
management tools and terabyte-size 
tape cartidges. By Lucas Mearian 


IKE MANY IT EXECUTIVES, 

Eric Eriksen, chief technol- 

ogy officer at New York- 

based Deloitte Consulting, 

would like tape to just go 
away. The added cost of managing tape 
backup systems, slow and unreliable 
restoration, cartridge inventorying and 
off-site storage headaches have him 
hoping that cheap disk drives may 
someday replace 50-year-old tape tech- 
nology in the data center. 

“We only need tape for cases when 
we can’t restore from disk. It’s a neces- 
sary evil,” he says. 

Yet despite a drastic shift toward 
low-cost Advanced Technology At- 
tachment disk arrays for backing up 
business data, there’s no end in site to 
the use of tape in the data center — 
especially for archival storage. Admin- 
istrators may complain, but tape still 
has an enormous intalled base and re- 
mains 10 to 50 times less expensive 
than disk. It’s also very secure, since 
data stored off-line on removable me- 
dia is physically inacessible to hackers 
and viruses. 

And vendors and analysts say evolu- 





tionary advances in the basic technolo- 
gy in midrange tape drive systems, im- 
provements in management tools, and 
the emergence of combined disk/tape 
subsystems are likely to answer some 
user complaints — and keep tape tech- 
nology in data centers for at least an- 
other decade. 


Bigger and Faster 

Manufacturers of the three leading 
midrange tape drive technologies — 
digital linear tape (DLT), linear tape- 
open (LTO) and advanced intelligent 
tape (AIT) — are preparing significant 
capacity and speed improvements. Ad- 
vanced drives, including SuperDLT 
(SDLT), SuperAIT (S-AIT) and LTO 
Ultrium 2 (LTO-2), are the latest varia- 
tions. Each uses half-inch tape and of- 
fers roughly five times the capacity 
and performance of standard DLT, AIT 
and LTO tapes [For a more detailed ex- 
planation of these technologies, go to 
QuickLink 40422]. 

For example, DLT was developed in 
1986 and the average cartridge origi- 
nally held about 96MB of data. SDLT 
today holds 160GB. Over the next 
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decade, SDLT will grow to about 2.5TB 
native capacity with 250MB/Ssec. 
throughput. LTO, which derives its 
name from its open architecture, could 
grow to 10TB native capacity by 2011. 

Vendors say ITB tape cartridges 
could appear as early as next year. 
Tape manufacturers such as Quantum 
Corp., Certance LLC and Storage Tech- 
nology Corp. expect tape to more than 
meet future needs. That’s a tall order, 
since the amount of data produced by 
the average enterprise is doubling 
every year, according to Stamford, 
Conn.-based Gartner Inc. 

To keep up, tape media will evolve 
to have more than 1,000 tracks and a 
thickness of 6.9 microns (about as 
thick as cellophane). And it will also 
work with drives that write on both 
sides of the tape, says Jeff Laughlin, 
director of strategy for the automated 
tape solutions unit at StorageTek in 
Louisville, Colo. 

In contrast, StorageTek’s current 
high-end tape drive, the proprietary 
T9940B, uses 200GB, one-sided tape 
that has 576 tracks and is 9 microns 
thick. Laughlin expects transfer rates 
to keep up with the larger capacity 
tapes as well. “There’s more money be- 
ing spent on tape media research than 
ever before in history. You’re going to 
see greater transfer rates at the head 
interface, transfer rates of lOOGB/Sec., 
200GB/sec.,” he says. 


TAPE 
TECHNOLOGY 


Stretches Out 
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Choosing the Right Format 


Will the SDLT, LTO-2 or S-AIT tape drive tech- 
nology you're using today be around tomorrow? 
Most likely, vendors and analysts say, although 
some users are finding reasons to switch from 
one format to another. 

Even with software advances in SDLT, more 
users are buying LTO-2 drives these 
days. Bob Amatruda, an analyst at 
Freeman Reports in Ojai, Calif., says 
LTO-2 appeals to users because its 
open architecture offers a choice of 
vendors. Hewlett-Packard Co., IBM and Costa 
Mesa, Calif.-based Certance all manufacture 
LTO-2 products, whereas only Quantum pro- 
duces DLT and SDLT drives. 

In July, Quantum put self-diagnosing intelii- 
gence into its SDLT drives, a move that analysts 


Smarter 


Emerging management software that 
can monitor the health of tape drives, 
Fibre Channel switch port connections 
to libraries and even the tape car- 
tridges themselves will help ensure 
that users are able to restore from tape, 
more easily manage backups and pre- 
dict problems and backup failures, 
vendors say. Advanced Digital Infor- 
mation Corp. (ADIC) and Quantum, 
for example, have recently introduced 
native management software tools on 
their tape libary and drive technology. 
ADIC sells all major tape cartridge 
technologies in its automated libraries 
and tape autoloaders, but Dave Uvelli, 
an executive director at the Redmond, 


Wash.-based company, says he believes | 


cartridge formats and drive technolo- 
gies are becoming irrelevant. Instead, 
ADIC is betting on new, intelligent 
tape library systems that will eventual- 
ly provide detailed information on 
drives and tape, whether it’s related to 
a downed switch port, a stuck drive or 
a tape cartridge that’s reaching the end 
of its life. 

One example of archival intelligence 
is ADIC’s Scalar i2000 tape library. In- 
troduced in early July, the Scalar i2000 
is designed to eliminate the need for 
an external library control server. 
Among other things, the system can 
send backup failure alerts via pager or 
e-mail, partition a library into multiple 
logical libraries and perform mixed 
media, performance and proactive sys- 
tem readiness checks. 

In July, San Jose-based Quantum also 
introduced DLTSage, a suite of predic- 
tive and preventative diagnostic tools 


MARKET 
is 





say will help boost sales. Quantum also says it 
has plans for at least four more incarnations of 
SDLT, and the vendor has 31% of the overall 
tape market - more than any of its competitors. 

But John Pearring, president of StorServer 
Inc. in Colorado Springs, a manufacturer that 
sells all three tape technologies, still 
gives LTO the edge. “LTO is open and 
makes more sense, and it's 200GB 
native [vs. 160GB for the latest SDLT 
320 drives],” he says. 

Deloitte's Eric Eriksen says he’s looking at 
moving from four HP tape libraries, with eight 


SDLT drives each, to a single HP or ADIC Scalar 


4 


10K tape library using LTO drives for greater ca- 


pacity in a smaller footprint. He says his decision 


isn’t being driven so much by LTO-2’s open- 


that run on its SDLT tape drives to 
help ensure that backups have com- 
pleted successfully. The applications 
can also tell administrators when 
drives have reached critical thresholds 
for capacity and predict where and 
when errors may occur. 


Here Come the Hybrids 

While disk-to-disk backup is already 
popular, during the coming year, man- 
ufacturers plan to introduce more hy- 
brid systems that combine disk with 
tape libraries in storage-area networks 
for faster backups and restores and 
easier archiving. ADIC, for example, 
plans to introduce a combined 
tape/disk library this month. 

“You won't just have tape. One could 
imagine RAID-protected disk where 
I/Os from the backup job are complet- 
ed at [wire] speed while the [library] 


| robot, through management software, 


stages it on tape drives for archival,” 
says StorageTek’s Laughlin. 

Ultimately, however, scalability and 
restorability will continue to be the 
key criteria to take into account when 
selecting tape systems, says Deloitte 
Consulting’s Eriksen. “We’re looking 
for a single solution that can cover 
everything, regardless of the needs we 
have,” he adds. D 


TAPE VENDOR LINKS 


To get a sampling of vendor offerings for SDLT, 
S-AIT and LTO-2 tape drives, go to our Web site: 


QuickLink 40571 


To learn more on this subject, visit our Storage 
Knowledge Center: 


QuickLink k1700 
www.computerworld.com 
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ness, but by its compression rates and speeds, 
which - for the moment - exceed those of 
SDLT. He also says that the new LTO-2 libraries 
are more scalable than his older system. 

“One of the things that's important when 
we're doing streaming across multiple tape 
drives is to be able to restore quickly,” he says, 
referring to LTO-2’s 200GB capacity and 
35MB/sec. throughput. 

That doesn’t matter to Phil Andrews, director 
of high-end computing at the supercomputing 
lab at the University of California, San Diego. He 
has avoided LTO Ultrium because he says it 
lacks the track record of reliability that he re- 
quires. “We've looked at LTO, but we have to be 
conservative because we're holding a lot of 
people's data here,” he says. 

And while LTO has a capacity and perfor- 
mance edge over SDLT today, analysts say the 


' two tape technologies continuously leapfrog 


each other in capacity and throughput, so other 
factors may be more important. 

SDLT and LTO-2 may be neck and neck in 
speeds and feeds, but Sony Electronics Inc.'s 
S-AIT leapfrogged both with the vendor's intro- 
duction of a 500GB, 30MB/sec. drive in De- 
cember - and it’s likely to remain ahead for 


some time, based on current SDLT and LTO 


i road maps (see graphs, below). 


S-AIT also has the edge in pricing: S-AIT 
tape cartridges are $80, vs. $120 for LTO-2 and 
$130 for SDLT. Sony intends to develop and 
support S-AIT through at least a sixth genera- 
tion, says Stephen Baker, vice president of stor- 
age solutions at Sony in San Jose. But S-AIT's 
appeal has been limited because, as with SDLT, 
only one manufacturer produces the drives. 

- Lucas Mearian 


Tape Gets Faster... 
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Some of the 

technology 

shown in last 

year’s block- 
buster movie Minority Report 
may soon be a reality and a 
centerpiece of the intelligence 
community’s war on terror- 
ism. In the futuristic thriller, 
Tom Cruise played the head of 
a police unit that uses psychic 
technology to arrest and con- 
vict murderers before they 
commit their crimes. 

Research into new intelli- 
gence technology is taking 
place as part of a $54 million 
program known as Genoa II, a 
follow-on to the Genoa I pro- 
gram, which focused on intel- 
ligence analysis. 

In Genoa II, the Defense 
Advanced Research Projects 
Agency (DARPA) is studying 
potential IT that may not only 
enable new levels of collabo- 
ration among teams of intelli- 
gence analysts, policy-makers 
and covert operators, but 
could also make it possible for 
humans and computers to 


“think together” in real time to | 


“anticipate and preempt ter- 
rorist threats,” according to 
official program documents. 

“While Genoa I focused on 
tools for people to use as they 
collaborate with other people, 
in Genoa II, we also are inter- 
ested in collaboration be- 
tween people and machines,” 
said Tom Armour, Genoa II 
program manager at DARPA, 
speaking at last year’s DARPA- 
Tech 2002 conference in 
Anaheim, Calif. “We imagine 
software agents working with 
humans ... and having differ- 
ent sorts of software agents 
also collaborating among 
themselves.” 

Genoa II may be shelved be- 
cause of its central role in the 
controversial Terrorism Infor- 
mation Awareness program, 
but private-sector researchers 
say many significant advances 
are still possible and are, in 
fact, already happening. 

For example, private-sector 
researchers are studying cog- 
nitive amplifiers that can en- 
able software to model current 
situations and predict “plausi- 
ble futures.” Researchers are 
also on the verge of creating 
practical applications to sup- 
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GENOA II: 


Man and Machine 
Thinking as One 


Can software algorithms predict a terrorist’s 
next move before he makes it? By Dan Verton 


port cognitive machine intelli- 
gence, associative memory, 
biologically inspired algo- 
rithms and Bayesian inference 
networks, which are based on 
a branch of mathematical 
probability theory that says 
uncertainty about the world 
and outcomes of interest can 
be modeled by combining 
common sense with evidence 
observed in the real world. 


Anticomplexity 

The goal of all of this research 
is to find a way to make com- 
puters do the one thing they 
aren’t very good at: mimicking 
the human brain’s abil- 

ity to reduce com- 

plexity. Computers 

are good at doing 

things like playing 

chess but are inca- 

pable of “seeing” 

and deciphering a 

word within an im- 

age. Biologically in- 

spired algorithms 

— the mathematical 
underpinnings of 

cognitive machine 
intelligence — could 

change that. : 

“One way to make 
computers more in- 
telligent and lifelike 
is to look at living 
systems and imitate 
them,” says Melanie 
Mitchell, an associ- 
ate professor at 
Oregon Health & 

Science University’s 





School of Science & Engineer- 
ing in Portland and author of a 
book on genetic algorithms. 


| “People have already done 


that with the brain through 
neural networks, which were 
inspired by the way the hu- 
man brain works.” 

“In the brain, you have a 
huge number of simple ele- 
ments — neurons — that are 
either on or off and are work- 
ing in parallel. And in ways 


| that are still fairly mysterious, 


that seems to collectively pro- 
duce very sophisticated learn- 
ing,” says Mitchell. 

But there are other exam- 





ples of astounding possibili- 
ties, all of which have poten- 


| tial applications in the war 


on terrorism. For example, 
Mitchell points to ongoing 
studies in genetic algorithms 
that are inspired by evolution 
— a computer program that 
evolves a solution to a prob- 
lem rather requiring a person 
to try to engineer one. Like- 
wise, researchers are begin- 
ning to produce security ap- 
plications that mimic the hu- 
man immune system, she says. 


Hurtling Forward 
Despite formidable technolog- 
ical challenges, 
there have been 
successes that 
could become real 
products and appli- 
cations in the next 
12 to 24 months. 
One of those suc- 
cesses has been in 
the development of 
inference net- 
works. 

“Some of the 
core algorithms we 
are working with 
have been around 

for centuries,” says 
Ron Kolb, director 
of technology at 
San Francisco- 
based Autonomy 
Inc., a firm that 
makes advanced 
pattern-recognition 
and knowledge man- 
agement software. 
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“It’s just now that we're find- 
ing the practical applications 
for them.” 

For example, Autonomy 
uses a proprietary blend of 
Bayesian statistics and Claude 
Shannon’s Information Theo- 
ry, which says it’s possible 
to separate critical elements 
of information from large 
streams of audio data, to pro- 
duce algorithms that are mak- 
ing computers smarter and 
able to learn. 

“We're able to produce an 
algorithm that says here are 
the patterns that exist, here 
are the important patterns 
that exist, here are the pat- 
terns that contextually sur- 
round the data, and as new 
data enters the stream, we’re 
able to build associative rela- 
tionships to learn more as 
more data is digested by the 
system,” says Kolb. 

The computers of tomorrow 


| will also know when two or 


more intelligence analysts are 
interested in or working on 
the same problem and will au- 
tomatically link those analysts 
and their data, he says. 

In fact, many automotive 
and aerospace manufacturers 
have used rudimentary pieces 
of this type of capability and 
have saved millions of dollars 
by leveraging developmental 
expertise across functional ar- 


| eas, says Kolb. Likewise, such 


computers could be able to 
spot a person leaving a suspi- 
cious bag at an airport and au- 
tomatically alert security. 
“We're no longer looking for 
information, information is 
looking for us,” Kolb says. 
But Grant Evans, CEO of 
A4Vision Inc. in Cupertino, 
Calif., and an expert in cogni- 
tive machine intelligence and 
biologically inspired algo- 
rithms, says he thinks he has 
an idea of where it’s all lead- 
ing. “The algorithms today, 
particularly biometric algo- 
rithms, are very intuitive, 
meaning the more you use 
them, the more they learn,” 
says Evans. “Now we're inte- 
grating cognitive machine in- 
telligence in the form of video 
with avatars [3-D digital ren- 
derings of real people] that 
can see and track you. That’s 
the computer of the future.” D 
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_ New Spam Policy: 
Return to Sender 


Kicking back suspected spam dramatically 
reduces unwanted e-mails, but not before 
creating an endless loop of confusing 
messages. By Vince Tuesday 


E’VE been trying to 
control the problem 
of spam, and at long 
last, we can see 
light at the end of the tunnel. 

My security team and I al- 
ready use an outsourced ser- 
vice that identifies spam and 
labels each message accord- 
ingly. It does a surprisingly 
good job, but most users still 
read every spam- 
labeled message, even 
though only one in 
10,000 e-mails is in- 
correctly marked. 

Last week, we im- 
plemented the next 
phase: We reconfig- 
ured our e-mail gateway to re- 
turn spam to the sender. 

Now the end user never 
sees any e-mails identified as 
spam. Instead, we send those 
e-mails back to the return ad- 
dress and give the sender in- 
structions on how to be added 
to the “allowed” list. This 
process uses fax rather than 
e-mail, so it costs senders time 
and effort. But we figure that 
if they are legitimate business 
users, they’ll follow this sim- 
ple process. 

Just over half of our daily 
e-mail is spam, so returning it 
saves enormous amounts of 
disk space and e-mail server 
processing power. 


A Rare Thank You 


Seven days into using the new 
system, it’s working like a 
dream. We've had no com- 
plaints, and a handful of users 
even phoned to say thank you 
— a pretty rare experience for 
my team. 

We've sent back hundreds 
of thousands of messages, and 
only one sender asked to be 
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| 
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added to our allowed list. 
That’s a near-perfect record. 

But we’ve had some prob- 
lems. Here’s one: We send our 
returned messages from a spe- 
cial not_read@company.com 
e-mail address. We were ini- 
tially worried that by doing so 
we might inadvertently create 
e-mail loops. 

Some of the spam comes 
from semilegitimate 
companies that use 
a genuine source ad- 
dress and have an 
autoreply on that 
address. We worried 
that our returned 
spam would cause 
them to send us an autoreply 


| that would be marked as spam 


and returned to them, which, 
of course, they would reply to 
with another message that we 
thought was spam and so on. 
So we put in a rule that if the 
incoming e-mail is addressed 
to not_read@company.com 
and is marked by the antispam 
company as spam, then our 
rule discards it instead of 
sending another alert. 

Since it’s likely that many 
of the return addresses on 
spam e-mails are fake and 
that innocent users will re- 
ceive our replies, we made 
sure our responses were po- 
lite. In fact, half the messages 


Our antispam sys- 
tem had spammed 
our own e-mail 
administrators. 





| we returned bounced. This 


means that the not_ read ac- 


| count gets pretty busy. But af- 
| ter this week of bedding in, we 
| really won’t read messages 


sent to it. Instead, we will just 
delete them. 

We thought we had covered 
all the fairly obvious problems 
pretty well, but we hadn’t 
thought of everything. I was 


| surprised to come in one day 

| to find that the team that mon- 
| itors the postmaster e-mail ac- 
| count was unhappy with us. 


| Endless Autoreplies 


| Our system’s autoreply to a 


spam from an online catalog 


| vendor had received a reply 


from that vendor’s autoreply 
system, and our postmaster 
account had received tens of 


| thousands of messages 


overnight. It seemed that 


somehow we had created a 
| loop that included the post- 
master account. 


As with most Web sites, our 


| postmaster account is read by 
| areal person. This gives ad- 
ministrators a way to contact 
| other administrators to trou- 

| bleshoot problems with the 


e-mail system itself. 
In our case, for some reason 


| the postmaster account had 


replied to every message sent 


| to not_read, and that account 


was getting autoreplies back 


| from the online catalog com- 


pany. But the not_read ac- 
count wasn’t receiving any of 
these messages, so it was diffi- 


| cult for us to investigate. 


We looked into all kinds of 
bizarre theories. Perhaps our 


| e-mail was being spoofed by a 
spammer to get back at us? 


Perhaps our outsourced ser- 


| vice was blocking them be- 


cause of the number of mes- 
sages to and from this ac- 
count? It was frustrating. Then 
I began to think about why an 


| e-mail in-box wouldn’t have 


any new mail in it. I asked the 








team, and one of them sug- 
gested that it might be full. 

I could only laugh, because 
that was the sort of question 
we should have asked at the 
beginning, not after we had 


| wasted our time investigating 


wild theories. The not_read 


| mailbox had filled up with 
| all the rubbish being re- 


turned, and the postmaster 
account was returning every 
subsequent e-mail sent to 
not_read to the sender. But 
every message returned to 
the catalog company received 


| an autoreply to the postmas- 


ter account. 

Once we deleted all the old 
messages in not_read, we 
stopped the problem. But it 
was a bit embarrassing to 
know that our antispam sys- 
tem had spammed our own 


| e-mail administrators. 


I do feel guilty about push- 
ing the problem of sorting 


| through the spam back onto 


the sender. It would be better 
if everyone was civilized and 
we could trust them to send 
only things we want. But we 
have to pay to receive spam 
that uses up our network 


1 
bandwidth, e-mail server re- 


sources and the recipient's 
time, so I feel justified in fore- 
ing the senders of e-mails 
that look like spam to jump 
through a few hoops. 

A handful of spam messages 
still get through each day. And 
already, our users have accli- 
mated to the dramatically low- 
er levels of spam and are com- 
plaining that even this re- 
duced level is unacceptable. 
It’s good that we’re being 
pushed to always improve, but 
I hope we can convince users 
that this current level of con- 
trol is right for the issues that 
spammers pose now. Maybe, 
just maybe, it will hold until 
new laws are passed and en- 


| forced and spamming finally 


drops away. D 


WHAT DO YOU THINK? 


This week's journal is written by a real 
security manager, “Vince Tuesday,” whose 
name and employer have been disguised 
for obvious reasons. Contact him at vince. 
tuesday@hushmail.com, or join the dis- 
cussion in our forum: QuickLink a1590 


Security Manager's Journals, go online to 
@computerworld.com/secjournal 
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Security Bookshelf 
Real 802.11 Security: Wi-Fi 
Protected Access and 802. Ti, 


where WLANs 

have become 

synonymous with 

security weaknesses. This 
book explains what's wrong 
with the Wired Equivalent Pri- 
vacy protocol and what the in- 
dustry has done to fix the ma- 
jor problems in introducing the 
standards Wi-Fi Protected Ac- 
cess and 802.11i, which speci- 
fies the use of the Temporal 
Key integrity Protocol and the 
Advanced Encryption Stan- 
perbly detailed guides to build- 
ing wireless services securely 
and includes a fully working 
example using free software. 
This is a good handbook for 
WLAN administrators who 
want to avoid the security pit- 
falls that have hampered wire- 
less networks so far. 


- Vince Tuesday 


Device Provides 
Key Storage for 
Windows 2003 
NCipher PLC, a Cambridge, 
England-based security firm 
with U.S. headquarters in 
Woburn, Mass., iast week up- 
graded its line of hardware- 
based cryptographic key man- 
agement products with a new 
device featuring support for 
Microsoft Corp.'s Windows 
Server 2003. The product is 
compliant with the Federal in- 
formation Processing Stan- 
dard (140-2) and will give 
users a tamper-resistant envi- 
ronment for storing and man- 
aging cryptographic keys used 
to secure Windows Server 
2003 and .Net environments, 
nCipher says. The company’s 
boxes range in price from 
$5,800 to $19,500. 
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SHARP. 


PAUL A. STRASSMANN 
Digital Document 
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Everything you 
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Q: 


need to know. 


¢ What are the most significant 
e digital copier security issues? 


¢ How does Sharp protect the 
e network interface? 


How can you be sure that 
security products actually 
perform as claimed? 


How can Sharp improve IT 
security? 


sharpusa.com 


be sharp” 











IT Infrastructure 


N JULY, the General Accounting Office pub- 
lished what I consider a rare insight into IT 
spending. The agency broke down the $26 bil- 
lion Department of Defense IT budget into 
the following categories: business systems, 
$5.2 billion; business infrastructure, $12.8 billion; 
mission support (including its own separate infra- 


structure), $8 billion. 


Less than half of the total cost is accounted for by 
the share of spending that directly and visibly sup- 
ports users. The lion’s share goes toward the “infra- 
structure” — the hole from whence bugs, disruptions 


and mysterious failures 
come. 

Here we have an audit 
confirming what I have 
seen creeping up on IT 
for more than 20 years: It 


| isn’t the applications but 


the need to support a 
costly infrastructure that 


| has been dampening the 
| funding for technological 


innovation. 
You can always get 


| votes for adding another 
| attractive application. But 


hardly anybody will sign 
up to support an infra- 
structure that may be serving cus- 


tomers who aren’t paying their way. 


Selling tickets for seats in fancy rail 
cars was always easy. Finding money 
to pay for the track, switches, signal 


| equipment and the fuel depot was al- 


ways much harder. 

The root cause of IT failures and 
excessive IT costs in large organiza- 
tions lies in rickety infrastructures 
put in place one project at a time. 
What you usually have in large orga- 
nizations is not a secure, low-cost 
and reliable infrastructure but a 
patchwork of connections cobbled 


| 
| 





together without suffi- 
cient funding and rushed 
to completion without 
sufficient safeguards. 
The currently fashion- 
able approach is to im- 
pose centrally dictated 
“architectures” to cure 
the pains from incompat- 
ible and redundant sys- 
tems. Such architectures 
are just another way of 
achieving order through 
centralization and con- 
solidation. Unfortunate- 
ly, under rapidly chang- 
ing conditions, such a 
cure may be worse than the original 
disease. 

Invariably, centralization involves 
the awarding of a huge outsourcing 
contract to a vendor for whom a crit- 
ical piece of the infrastructure is 
carved out, such as the management 
of desktops. Associated servers, 
switches and data centers may also 
be included in the IT territory ceded 
to the outsourcer, while the resident 
IT bureaucracy always keeps tight 
control of a few fatally critical com- 
ponents in order to retain its ab- 
solute power. 





This approach to fixing infrastruc- 
ture deficiencies is flawed because 
the sequence for fixing a broken set- 
up is backward. Contracting for an 
infrastructure should be the last — 
not the first — step in putting im- 
proved systems in place. 

First, [IT managers should focus on 
determining which applications 
must be delivered immediately. The 
reliability, affordability and timing of 
application services will dictate 
which one of the many conceivable 
infrastructures would work best to 
solve high-priority problems. 

Second, the organization’s man- 
agement structure and business 
goals must be set. I don’t see how 
one can get funding for overhauling 
infrastructure as a separate invest- 
ment. As a credible business case, 
such investments offer notoriously 
sterile ground. Infrastructures must 
be designed so that each step can be 
financed with incremental funding. 
Such economics make outsourcing 
of infrastructure services to a com- 
puting “utility” the preferred solu- 
tion. The recent huge wins by a com- 
puter services firm offering “on-de- 
mand” usage pricing is a good sign 
that customers are ready to buy 
computing “by the quart” instead of 
owning a farm. 

Third, a feasible transition plan for 
legacy applications must be devel- 
oped and tested prior to making the 
least risky technical choices. 

Only after the completion of this 
sequence would it be safe to proceed 
with outsourcing. Precipitous con- 
tracting for infrastructure services is 
only for the hasty and the impatient 
(who will be long gone when the au- 
ditors finally show up). D 
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where information lives 


DID YOU KNOW THAT SOME OF OUR 
BEST STORAGE PRODUCTS COME 
ON A DIFFERENT KIND OF DISK? 


OUR SOFTWARE GIVES YOU SOME 
VERY SMART CHOICES. 


To manage complexity, you’ve got to outsmart it. EMC Automated Networked Storage™ delivers the 
software that automates management of your multi-vendor storage infrastructure, including the most 


| ~~ 4 error-prone tasks such as monitoring and provisioning. Now you can gain a unified, end-to-end view of your 
entire environment. Define your service levels. And run an agile, active infrastructure that helps the busi- 


ness pounce on opportunity. 


= See how other companies are using EMC Automated Networked Storage to manage more 
information with less effort at www.EMC.com. 


EMC? and EMC are registered trademarks and EMC Automated Networked Storage and where information lives are trademarks of EMC Corporation. ©2003 EMC Corporation. All rights reserved. 
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Global Toolbox 


Managers try various tools — 
including videoconferencing 
and distributed software — 
to help keep tabs on offshore 
contractors. Page 29 
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Business Rules Come First 

Don’t start an IT project without a clear set of 
written rules about the way your company 
conducts business, advises Ronald G. Ross in 
this excerpt from Principles of the Business 
Rule Approach. Page 30 
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QUOTE OF THE WEEK 

4 The technology that you 
create bears the marks of 

your team just as a stone ax 

shows the marks of an ancient 

flintknapper. 


- Paul Glen, Computerworid contributing 
columnist and principal of C2 aati 
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“It was all done under the radar,” laments Emcor CIO Joseph Puglisi about a rogue ERP project. 


DEALING WITH 


Rogue 


Bootleg IT 

projects are going on 
behind your back. 
Here's how to cope. 
BY GARY H. ANTHES 


i] 


C10 JOSEPH PUGLISI says he had no idea the IT 
project was going on. And, he says, the Emcor 
Group Inc. business unit installing the ERP pack- 
age had no idea it had selected a product that 
Puglisi had earlier reviewed and panned. “Ulti- 
mately, the project was a disaster,” he says. 

“It was all done under the radar,” Puglisi ex- 
plains. “They spent more than a year fumbling 
along trying to make it behave in a way that would 
suit their business. Finally, they did ask for corpo- 
rate guidance, but they had to get on bended knee 


and plead for funding to displace that failed imple- 
mentation effort.” 

It might have been otherwise at the Norwalk, 
Conn.-based construction and facilities management 
company. “Had they come to us, we would have said, 
‘Here are the choices that we think are contenders,’ ” 
Puglisi says. “We'd have helped them choose one, 
helped write the scope of work, identified consul- 
tants, identified hardware and generally played a sig- 
nificant advisory role.” 

Systems projects done without the knowledge or 
oversight of the IT organization, so-called rogue proj- 
ects, may spring up because users see IT as a source 
of red tape or excessive cost. Or because they’re look- 
ing for temporary or quick-and-dirty systems that 
they see as low-risk. Or they don’t see the IT implica- 
tions of what appear to be non-IT projects. Whatever 
the reason, rogue projects often have unintended 
consequences. Things can get hurt — budgets, sched- 
ules, business unit operations, careers and some- 
times the corporate systems that IT does maintain. 

Most IT executives admit that rogue projects go on 
in their companies (see Computerworld survey, next 
page), but there’s considerable disagreement as to 
whether the practice should be snuffed out or facili- 
tated. In any case, CIOs employ a wide range of 
strategies for dealing with these bootleg projects. 


Not Enough Cops 

David Swartz, CIO at George Washington University 
in Washington, says rogue projects aren’t all bad. The 
danger comes, he says, when a small, isolated system 
grows into an enterprise application without the 
careful stewardship of IT. 

It all started innocently enough at the school, 
Swartz says. An administrative department asked 
AT&T Corp. to develop a debit card system that stu- 
dents could use to buy meals and other things. IT 
wasn’t involved. Soon someone realized that the card 
system could be expanded to control access to park- 
ing, and then access to buildings. “More and more 
user departments piled on, and it became an enter- 
prise application,” Swartz says. 

At least he saw it coming. “I reviewed their proce- 
dures and controls. They had no backup, no redun- 
dancy. If the server failed, guess what — not only can 
you not get into the parking lot, you can’t get into the 
building, and you can’t buy food. The university 
shuts down.” 

Based on that review, Swartz persuaded the univer- 
sity to give him the back end of the system, the oper- 
ational side. But before he could put in his controls 
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99% said there are computer proj- 
ects under way in their companies that 
don't involve the IT department. 


@ 58% said their companies have 
policies that bar significant IT projects 
from being undertaken without IT de- 
partment approval or control. 


@ 86% said IT products are being 
installed in their companies without 
the authorization or support of the IT 
department. 


and protections, the server did go 
down and stayed down for a day. “They 
had to station policemen in all the 
buildings,” Swartz says. “But we have 
80 buildings, and there weren’t enough 
police, so we had to station other em- 
ployees to guard the buildings.” 

And that wasn’t the end of it. Prob- 
lems persisted because the user de- 
partments had kept the application 
development side of the system. “They 
upgraded the software without testing 
it, and that caused all kinds of outages 
and problems,” Swartz says. “Now they 
are moving the application side to us 
as well.” 

In the wake of that debacle, senior 
university management decreed that 
a policy on rogue IT be developed. 
Among other things, it will stipulate 
that any application that spans more 
than one department must be owned 
by central IT, Swartz says. 


The Phase Matters 

John Ounjian, CIO at Blue Cross and 
Blue Shield of Minnesota, looks not so 
much at the organizational scope of an 
IT project as whether it’s in the assess- 
ment, design or development stage. 
Users may conduct the assessment 
phase of a project, even a large and 
complex one, on their own. But in the 
later phases of a project, even a tiny 
one such as the installation of a single 
PC, IT must be involved. 





IT projects done outside the 
IT department tend to be: 


Successful Unsuccessful 


What types of unauthorized 
products are being installed? 
PC software 32% 


PC hardware 24% 
Linux Coke oa ae 
Wireless 

Apple/Macintosh 
Other 


6% 


8% 


“T have a higher tolerance for rogue 
projects in the assessment phase,” 


| Ounjian says. “IT shouldn’t be so para- 
| noid. The business area really has the 


accountability in terms of what needs 

to be done, and IT has the accountabil- 

ity for how it’s implemented.” 
Geisinger Health System in Danville, 


| Pa., has largely mitigated the risks 


from bootleg projects by placing IT 
staffers in the user departments where 
these projects might occur. “We have 
people who support laboratory sys- 





tems in the same physical location as 
the laboratory management people. 


| Same for radiology, same for the busi- 


ness office,” says CIO Frank Richards. 
That’s a good model for a company 
with a lot of specialized equipment 
with hooks into IT, Richards says. “The 
business units have learned over the 


| years that it’s better to have us in- 


volved upfront, because sooner or lat- 
er, they are going to want to connect 
whatever it is, such as a piece of radiol- 
ogy equipment, to the network, and 
they can’t do that without us,” he says. 

Richards says a department recently 
wanted to buy a physician-reporting 
system but hadn’t worked closely with 
central IT. “We said, ‘No, no, no, we 
really have to go through a process 
here, do a needs assessment, look at 
the ROI and look at how it fits into 
your workflow.” 

Indeed, workflow turned out to be 
a problem. The system would have 
greatly reduced the time it took an ex- 
amining physician to create diagnostic 
reports, “but they didn’t have the staff 
to turn the rooms fast enough to get 
the doctor to see the next patient,” 
Richards explains. “It was very eye- 
opening for them to realize that even 
though we don’t know clinically what 
they do, we understand workflow and 
can help them translate that into what 
the system will and won't do.” 


Times Are Changing 

Greg Schueman, chief technology offi- 
cer at Mercury Insurance Group in Los 
Angeles, says the definition of rogue 
technology is changing, and IT depart- 


| ments should change with it. 


“Having IT be the absolute gate- 


| keeper and owner over everything isn’t 


When Rogues Right 


The IT shop at J.R. Simplot Co., a $3 bil- 


lion agribusiness concern in Boise, Idaho, : 
often allows other departments to under- : 
take IT projects. That can happen if the IT : 


department doesn’t have the resources 
needed at the time or when the system 

draws on expertise uniquely available in 
some other business unit, according to 

ClO Roger Parks. 

Here are some examples: 

@ The company’s online wholesale 
food shop, SimplotFoods.com, was de- 
veloped by the marketing department 
and a Web development company. 

@ People with IT experience in Food 


Group Plant Operations are developinga : 


manufacturing management system. 


@ The human resources department 
oversaw the outsourcing of a learning 
management system. 

@ IT personnel in AgriBusiness Plant 
Operations developed plant-specific envi- 
ronmental, health and safety systems. 

® AgriBusiness subject-matter experts 
and on-site IT people developed a system 
to extract and analyze maintenance and 
procurement performance metrics from 
the company’s ERP system. 

Parks says he has succeeded in help- 
ing even geographically scattered users 
by publishing IT standards for all users in 
areas such as databases, query tools, 
PCs, servers and e-mail. 

- Gary H. Anthes 
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Chris Tucci says he had to resort 
ORL Ca MON a PMC CHIR 
the central IT department. “If we 
knew they'd approve a printer, for 
example, then we'd spec out a 
computer as ‘printer-support 
Creme Lm MTN 
to run a smoke screen to support 
Nel mel) (cre 

Seder Meal mecen ty 
end users at Idaho National Engi- 
Dem ea RUM CUE LCe 
and his objective was to meet his 
users’ needs, no matter what. 

“We had customers coming to 
us and saying, ‘I need to do this,” 
and we'd approach the on-site IT 
people and they'd say, ‘We can 
ele elem a VOC CMC Ut 
to get funding,’ ” Tucci says. “So 
we'd do any work-around we 
could.” 

STU meta 
group found out about those rogue 
projects. “Bent noses were com- 
mon,” Tucci acknowledges. “But 
eventually they got over it because 
instead of saying, ‘Ha-ha, we one- 
upped you,” we'd invite them in. 
YR URL cml cote 
ing and how it was done, and they 
might be able to use it in other 
departments.” 

aoa ae MLL od 


going to work in the future, because 
other executives are going to develop a 
lot of expertise in these areas,” he says. 
“When I look at the IT of the future, it 
really becomes a lot more of a compe- 
tency center for program management, 
contract management, relationship 
management.” 

For example, Schueman says, the IT 
shop should apply its special skills in 
IT contract negotiations. He says he 
recently delayed a project, “while the 
user was champing at the bit,” in order 
to better negotiate with a vendor. “By 
waiting, we were able to save several 
hundred thousand dollars,” he says. 

So what should CIOs do when they 
discover rogue IT projects in their 
companies? Says Emcor’s Puglisi, 
“Take a look at yourself and try to un- 
derstand why it would happen. Per- 
haps they had a bad experience with 
your staff, or with you, or maybe they 
don’t know about you.” D 


INSIDER TIPS 


Don't get stung by end-user departments that negotiate 
contracts with application service providers: 


QuickLink 40670 
www.computerworld.com 
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HAPE THE PROCESS for 
managing an offshore 
IT operation into a 
pyramid, and at the top 
are personal visits. Di- 
rectly below that are 
videoconferences, fol- 
lowed by telephone 
calls, e-mail, instant messaging and dis- 
tributed software development tools. 
At the bottom are daily, weekly and 
monthly reports. 

One person who has used many of 
those pyramid levels is Rao Vellanki, 
operations manager at Best Buy Co. 
Vellanki moved from India to the U.S. 
in 1977 at the age of 24 and lives in the 
Minneapolis area. But last year, he re- 
turned to India for a two-year assign- 
ment to manage Best Buy’s offshore 
development in Chennai. 

The Richfield, Minn.-based electron- 
ics retailer has several hundred devel- 
opers in India, many with outsourcer 
Wipro Ltd., to handle the management 
and development of more than 500 
applications. 

Vellanki relies on a variety of meth- 
ods to communicate with the home 
office, but one important tool is video- 
conferencing. “There is no question, 
in my view, that seeing the faces adds 
to the effectiveness of communica- 
tions,” he says. Vellanki adds that 
videoconferencing technology needs 
to improve, but it does the job. “The 
personal touch is there, the integrity is 
there — even though it’s only an intan- 
gible, we find it unavoidable,” he says. 


Manage Your Contractors 
There are tools and techniques for 
managing every aspect of offshore 
work. For instance, Fieldglass Inc. in 
Chicago has software for procuring 
and managing contract IT labor. And 
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REXs 
Create and submit RFXs and 
evaluate and select proposals 
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Projects 
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ELANCE software can manage service-level agreements and invoices, consolidate message traffic 
and analyze spending patterns. Both the client and contractor need to install the software - but 
contractors tend to go along as a contingency for getting paid, Elance officials say. 

















Elance Inc. in Sunnyvale, Calif., has 
software for procuring services and 
managing the contractual relationship. 
Elance’s software automates the tasks 
of contract compliance and payment 
schedules: If the contractor hits the 
milestones, it gets paid; if it doesn’t, 
there are financial penalties. 

On the more nitty-gritty level of soft- 
ware development, there are collabora- 
tive software development tools. Users 
say these tools are good for quickly as- 
sembling relevant data while ensuring 


1 
| that everyone involved has a shared 
view of the information. This often 
means keeping e-mails addressing par- 
ticular issues in a central location and 
making sure they are cross-referenced. 
Best Buy relies on Wipro’s project 
management tools, such as Cocoon, 
which tracks projects and their pro- 
gress and provides for a discussion 
forum, among other features. Out- 
sourcing vendor Cognizant Technol- 
ogy Solutions Corp. in Teaneck, N_J., 
also makes its own collaboration envi- 








Global 


Managers try various 
tools, from videoconfer- 
encing to collaboration 
software, for managing 
offshore contractors. 
By Patrick Thibodeau 
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ronment, called eCockPit. In addition, 
there are third-party tools for distrib- 
uted software development. 

Phillip Lindsay, chief architect at 
Data Trace Information Services LLC 
in Anaheim, Calif., says he’d prefer to 
bring all software developers into the 
same room to review projects. But with 
about half of his 18-member develop- 
ment team in India, that’s not an option. 

“It’s currently difficult to do software 
development in one location, and it’s 
even harder to do it in two locations in 
two time zones,” he says. “Add in a rad- 
ically different time zone, culture, 
country, connectivity — just phone 
calls sometimes are laborious.” 

Lindsay uses a distributed software 
development tool called SourceCast 
from CollabNet Inc. in Brisbane, Calif. 
SourceCast is designed to work ina 
WAN and manages development work 
in a source-code repository. If a file 
changes overnight, those changes are 
seen immediately. “Conflicts are found 
in real time, and that reduces the cost,” 
he says. 

Software tools can help, but manag- 
ing offshore contractors often requires 
a personal touch. For example, Wipro 
has workers at Best Buy’s U.S. headquar- 
ters. And Lindsay says Data Trace has an 
employee from India who is helping his 
team with cultural and language issues. 

The same tools and techniques that 
work for managing offshore software 
developers can also work for offshore 
manufacturing, says Mark Goldberg, a 
vice president at Koret of California 
Inc., an Oakland-based clothing manu- 
facturer and subsidiary of St. Louis- 
based Kellwood Co. 

Koret does all its manufacturing off- 
shore and doesn’t want to maintain in- 
ventory. Goldberg uses Internet-based 
software developed by New Genera- 
tion Computing Inc. in Hialeah, Fla., to 
keep track of the manufacturing opera- 
tions. Everyone involved in the manu- 
facturing process enters data into the 
system, so “there is no question about 
who owns that piece of information, 
who is responsible,” he says. 

Alan Brooks, who founded New Gen- 
eration in 1982, says a big part of man- 
aging diverse work sites is understand- 
ing the thousands of details involved. 
Brooks has developed tools he uses 
to manage software development ap- 
plying the same methods he uses to 
manage offshore manufacturing. His 
advice to IT managers developing soft- 
ware overseas: Approach it like manu- 
facturing a physical product — consid- 
er every aspect of the life cycle. 

“I think making software is manufac- 
turing,” he says. D 
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Don’t start an IT 
project until the 
company has writ- 
ten aclear set of 
rules about the way 
it does business. 
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ECENTLY, colleagues 

and I were talking 

to the chief software 

developer at a large 

client organization 

about progress on a 
major re-engineering effort there. Our 
concern was whether the project team 
members could meet a deadline some 
nine months out for delivering a large- 
scale prototype. We'd just spent sever- 
al intensive months developing a com- 
prehensive business model, and they 
still had several months of system de- 
sign left to complete. 

This chief developer is very sharp — 
not one to commit to any an- 
swer lightly. For the longest 
while, he said nothing, lost in 
thought. Finally, eyeing the de- 
tailed business diagrams plas- 
tered on the walls all around, he said, 
“If we had already started coding, I 
would say we had no chance at all. But 
since we haven't started coding yet, I'd 
say the chances are pretty good.” 

I had to run that by several times in 
my mind before I caught his meaning. 
“If we had already started coding, I 
would say we had no chance at all.” 

I knew he thought that the applica- 
tion coding itself was going to be pret- 
ty tough. It would involve using a rules 
engine, a worldwide distribution net- 
work, graphical user interfaces and 
some significant middleware. 

He was saying that if they had to 
resolve all the business issues while 
coding, they would never pull it off 
in time — or probably ever. However, 
since the project team was tackling 
the tough business issues upfront (in- 
cluding specifying the business rules), 


nN 
EXCERPT 


he thought they had a pretty good 
chance of completing the code by the 
target date. 

In large measure, the business rule 
approach is simply about asking the 
right questions of the right people. 
There is only one way to honestly 
meet a deadline — and that’s to solve 
the business problem first. 


Business-Driven IT 

In the early days of building business 
systems, the business side could essen- 
tially sit back and just let them happen. 
The advantages of automating were so 
compelling that you could do virtually 
no wrong. Now, for all practical 
purposes, business and IT oper- 
ate inseparably. When under- 
taking projects, the logical step 
then would be to put together 
seamless business/IT project teams 
and have them follow a business- 

| oriented approach to developing re- 

| quirements. Yet many companies are 

| nowhere close to doing that today. 

All too often, the business side still 
produces fuzzy, ill-focused “require- 
ments,” and the IT side continues do- 
ing “requirements” only a notch or two 
above programming. How can this gap 
between business professionals and IT 
professionals in developing require- 
ments be eliminated? 

The answer is relatively straightfor- 
ward. The business needs an organized 
approach that enables business profes- 
sionals to drive the development of re- 
quirements. This approach must pro- 
vide a road map that shows how to ask 
the right kinds of questions about the 
right things at the right times. What’s 
needed is a business-driven approach. 
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The Rule Book 


How many rules does your com- 
pany have? A thousand? Ten thou- 
sand? How easy is it to change any 
one of those rules? 

Many companies today are start- 
ing to realize that they have prob- 
lems with rule management. Rules 
need to be managed in a consistent 
or coherent manner. 

Your company’s book of rules 
shouldn't be paper-based but rather 
automated in a database or reposi- 
tory, where the rules can be man- 
aged and readily accessed. That 
way, the book of rules can play a 
very active role not only during the 
system development project, but 
also once the new business system 
becomes operational. Software 
tools are now available that enable 
direct business-side management 
of rules, opening unprecedented 
opportunities for the business. 

~ Ronald 6. Ross 


In traditional development ap- 
proaches, much is usually lost in the 
translation of upfront requirements to 
the actual running system. But writing 
a set of clear business rules improves 
communications between the business 
side and IT, and provides a bridge be- 
tween business analysis and system de- 
sign. The business rule approach helps 
to close the requirements gap between 
the business side and the IT side. 

So what’s a business rule? From the 
business point of view, it’s a directive 


Business 
Feules 
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intended to influence or guide behav- 
ior. Business rules are literally the en- 
coded knowledge of your business 
practices. From an IT point of view, 

a business rule is an atomic piece of 
reusable business logic. 

In a way, everyone knows what busi- 
ness rules are — they’re what guide 
your business in running its day-to-day 
operations. Without business rules, 
you'd always have to make decisions 
on the fly, choosing between alterna- 
tives on a case-by-case basis. Doing 
things that way would be very slow. 

Rules are familiar to all of us in real 


Library Fact Model 


This diagram shows a graphical fact model for a library. The rule’s wording is based directly on the fact model, 
whichis a diagram of basic business concepts - a knowledge structure. A fact model can and should provide a 
first-cut blueprint for how data will be eventually organized in a database. RULE: A library card may be used 

to check out a book only if the book is owned by a library for which the card is authorized. 


Is used to checkout —> 


Rules essentially add the sense of 
the words must or must not to the 
terms and facts, as in, “Orders on cred- 
it over $1,000 must not be accepted 
without a credit check.” 

Rules should be expressed in clear, 


| unambiguous, well-structured busi- 


ness English, starting with an explicit 
subject. Rules should have no fluff and 
no missing facts. Rules can be quali- 
fied, as in “A shipment must be insured 
if the shipment value is greater than 


| $500.” And rules can include timing 
| criteria, as in “A student must be en- 


rolled in at least two courses by the 


Works 
A for 


Is charged 
against 


€ Is authorized for —> ] 
Holds 


life. We play games by rules, we live close of registration.” 
under a legal system based on a set of 


rules, and we set rules for our children. Rule independence 


Yet the idea of rules in business sys- 
tems is ironically foreign to most IT 
professionals. Say “rules” and many 
IT professionals think vaguely of ex- 
pert systems or artificial intelligence. 
There’s little recognition of how cen- 
tral rules actually are to the basic, day- 
to-day operations of the business. 

Not coincidentally, many business- 
side workers and managers have be- 
come so well indoctrinated in proce- 
dural views for developing require- 
ments that thinking in terms of rules 
might seem foreign or abstract. Virtu- 
ally every methodology is guilty in this 
regard, whether for business process 
re-engineering, system development or 
software design. 

This is unfortunate for two reasons: 

1. Thinking about any organized ac- 
tivity in terms of rules is actually very 
natural. For example, imagine trying to 
explain a game like chess, checkers, 
baseball or football without explaining 
the rules. 

2. Business-side workers and man- 
agers have the knowledge it takes to 
create good rules. 


Sample Rules 
Take a look at the sample rules that 
follow, and notice how every aspect 
of operational control in a business 
system can be addressed by rules: 

@ Restrictions: A customer must not 
place more than three rush orders 
charged to its credit account. 











® Heuristics: A customer with pre- 
ferred status should have its orders 
filled immediately. 

= Computations: A customer’s annual 
order volume must be computed as to- 
tal sales closed during the company’s 
fiscal year. 

@ Inference: A customer must be 


| considered preferred if the customer 


places more than five orders over 
$1,000. 
@ Timing: A customer must be 


archived if the customer doesn’t place 
| any orders for 36 consecutive months. 


@ Triggers: “Send advance notice” 
must be executed for an order when 


| the order is shipped. 


Rules build directly on terms and 
facts. Terms — like customer, shipment 
and invoice — should have a precise, 
unambiguous definition in the busi- 
ness. For example, customer might 
be defined as: “An organization or indi- 


| vidual person that has placed at least 
| one paid order during the previous 
| two years.” 





Facts are given by simple, declara- 
tive sentences that connect the terms 
with a verb or verb phrase, such as, 
“Customer places order.” 

A “fact model” is a set of fact state- 
ments that describe the results of a 
business operation (see diagram). A 
fact model should serve as an initial 
blueprint for a data model, but its pri- 
mary purpose is to capture knowledge 
about the business in a structured 
form, distilled from the business-side 
workers and managers who possess it. 


Rules About 
Business Rules 
SB Ceesie tiem ey alti 


and made explicit. 


AT CRS ITM eR ey Ce) qcrictct | 
PEE Ue Le oe 
= Rules should exist independent 
Ole emcee URE tee 
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A business is very much like a human 


| body. The knowledge (term and fact) 


structure is like the skeleton; the proc- 


| esses are the powerful muscles; and 


the rules are the nervous system that 


| controls the other two. All three are es- 


sential and interrelated. But business 
rules shouid be separate from the oth- 


| er two. A basic principle of this ap- 


proach is that rules are independent 


| of processes and procedures. A fringe 


benefit of that “rule independence” is a 

huge simplification in the processes. 
The result is a “thin process,” a long- 

standing goal of many IT prefession- 


| als. By taking the rules out of the 


processes, you can produce processes 
that are relatively simple and can be 
changed as the need arises. 

In the National Football League, if 
a play isn’t working for a team, it will 
be gone from its playbook within a 
couple of games. The plays are essen- 
tially throwaways. Similarly, businesses 
need to view their own procedures as 


throwaways — cheap enough to dis- 


card and replace readily when the pro- 


| cedures no longer work well. 


Throwaway procedures are a must 
for the business to be adaptable and 
competitive. This deceptively simple 
idea — made possible by the business 
rules approach — can revolutionize 
the way work is done and systems are 
designed. D 





Reprinted with permission from 
Principles of the Business Rule 
Approach, by Ronald G. Ross (Addison- 
Wesiey, 2003). Ross is co-founder and 
principal of Business Rule Solutions 
LLC and executive editor of the Web 
site BRCommunity.com. 


WHO'S CHANGING THE RULES? 


Should you let business managers make changes in the 
business rules embedded in IT systems? 
QuickLink 39830 
www.computerworld.com 
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Principles 
me of the 


Business Rule 
Approach 


Ronald G, Ross 


Don’t start an IT 
project until the 
company has writ- 
ten aclear set of 
rules about the way 
it does business. 


MANAGEMENT 


ECENTLY, colleagues 

and I were talking 

to the chief software 

developer at a large 

client organization 

about progress ona 
major re-engineering effort there. Our 
concern was whether the project team 
members could meet a deadline some 
nine months out for delivering a large- 
scale prototype. We'd just spent sever- 
al intensive months developing a com 
prehensive business model, and they 
still had several months of system de- 
sign left to complete. 

This chief developer is very sharp 
not one to commit to any an- 
swer lightly. For the longest 
while, he said nothing, lost in 
thought. Finally, eyeing the de- 
tailed business diagrams plas- 
tered on the walls all around, he said, 
“If we had already started coding, I 
would say we had no chance at all. But 
since we haven't started coding yet, I'd 
say the chances are pretty good.” 

I had to run that by several times in 
my mind before I caught his meaning. 
“If we had already started coding, I 
would say we had no chance at all.” 

I knew he thought that the applica- 
tion coding itself was going to be pret- 
ty tough. It would involve using a rules 
engine, a worldwide distribution net- 
work, graphical user interfaces and 
some significant middleware. 

He was saying that if they had to 
resolve all the business issues while 
coding, they would never pull it off 
in time — or probably ever. However, 
since the project team was tackling 
the tough business issues upfront (in- 
cluding specifying the business rules), 


nn 
aaa 


he thought they had a pretty good 
| chance of completing the code by the 
| target date. 
In large measure, the business rule 
| approach is simply about asking the 
| right questions of the right people. 
There is only one way to honestly 
meet a deadline — and that’s to solve 
the business problem first. 
Business-Driven IT 
In the early days of building business 
systems, the business side could essen- 
tially sit back and just let them happen. 
The advantages of automating were so 
| compelling that you could do virtually 
no wrong. Now, for all practical 
purposes, business and IT oper- 
ate inseparably. When under- 
taking projects, the logical step 
then would be to put together 
seamless business/IT project teams 
and have them follow a business- 
oriented approach to developing re- 
quirements. Yet many companies are 
nowhere close to doing that today. 

All too often, the business side still 
produces fuzzy, ill-focused “require- 
ments,” and the IT side continues do- 
ing “requirements” only a notch or two 
above programming. How can this gap 
between business professionals and IT 
professionals in developing require- 
ments be eliminated? 

| The answer is relatively straightfor- 
ward. The business needs an organized 

| approach that enables business profes- 

sionals to drive the development of re- 
quirements. This approach must pro- 

| vide a road map that shows how to ask 

| the right kinds of questions about the 

| right things at the right times. What's 

| needed is a business-driven approach. 


www.computerworld.com 


The Rule Book 


How many rules does your com- 
pany have? A thousand? Ten thou- 
sand? How easy is it to change any 
one of those rules? 

Many companies today are start- 
ing to realize that they have prob- 
lems with rule management. Rules 
need to be managed in a consistent 
or coherent manner. 

Your company’s book of rules 
shouldn't be paper-based but rather 
automated in a database or reposi- 
tory, where the rules can be man- 
aged and readily accessed. That 
way, the book of rules can play a 
very active role not only during the 
system development project, but 
also once the new business system 
becomes operational. Software 
tools are now available that enable 
direct business-side management 
of rules, opening unprecedented 
opportunities for the business. 

~ Ronald G. Ross 


In traditional development ap- 
proaches, much is usually lost in the 
translation of upfront requirements to 
the actual running system. But writing 


| a set of clear business rules improves 

| communications between the business 
| side and IT, and provides a bridge be- 

| tween business analysis and system de- 


sign. The business rule approach helps 
to close the requirements gap between 
the business side and the IT side. 

So what's a business rule? From the 
business point of view, it’s a directive 


Business 
Fules 
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intended to influence or guide behav- 
ior. Business rules are literally the en- 
coded knowledge of your business 
practices. From an IT point of view, 

a business rule is an atomic piece of 
reusable business logic. 

In a way, e 
ness rules are — 
your business in running its day-to-day 
operations. Without business rules, 
you'd always have to make decisions 
on the fly, choosing between alterna- 


veryone knows what busi- 
they’re what guide 


tives on a case-by-case basis. Doing 
things that way would be very slow. 

Rules are familiar to all of us in real 
life. We play games by rules, we live 
under a legal system based on a set of 
rules, and we set rules for our children. 
Yet the idea of rules in business sys- 
tems is ironically foreign to most IT 
professionals. Say “rules” and many 
IT professionals think vaguely of ex- 
pert systems or artificial intelligence. 
There’s little recognition of how cen- 
tral rules actually are to the basic, day- 
to-day operations of the business. 

Not coincidentally, many business- 
side workers and managers have be- 
come so well indoctrinated in proce- 
dural views for developing require- 
ments that thinking in terms of rules 
might seem foreign or abstract. Virtu- 
ally every methodology is guilty in this 
regard, whether for business process 


re-engineering, system development or 


software design. 

This is unfortunate for two reasons: 

1. Thinking about any organized ac- 
tivity in terms of rules is actually very 
natural. For example, imagine trying to 
explain a game like chess, checkers, 
baseball or football without explaining 
the rules. 

2. Business-side workers and man 
agers have the knowledge it takes to 
create good rules. 


Sample Rules 
Take a look at the sample rules that 
follow, and notice how every aspect 
of operational control in a business 
system can be addressed by rules: 

® Restrictions: A customer must not 
place more than three rush orders 
charged to its credit account. 
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rary Fact Model 


| for a library. The rule's wording is base 
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first-cut blue yrint for he wudata will be eventually or 


ledge structt an z 
zed ina database. RULE: library ani may ‘be nad 


ire. A fact mode 


to check out a book only if the book is owned by a library for which the card is authorized. 


Is used to checkout —> 


is authorized for —» 
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Type 


@ Heuristics: A customer with pre- 
ferred status should have its orders 
filled immediately 

= Computations: A customer’s annual 
order volume must be computed as to- 
tal sales closed during the company’s 
fiscal year. 

@ Inference: A 
considered preferred if the customer 
places more than five orders over 
$1,000. 

@ Timing: A customer must be 
archived if the customer doesn’t place 


customer must be 


any orders for 36 consecutive months. 

@ Triggers: “Send advance notice” 
must be executed for an order when 
the order is shipped. 

Rules build directly on terms and 
facts. Terms — like customer, shipment 
ind invoice — should have a precise, 
unambiguous definition in the busi- 
ness. For example, customer might 
be defined as: “An organization or indi- 
vidual person that has placed at least 
one paid order during the previous 
two years.” 


> A 
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Works 
for 


Makes 


iaeis 
by 


Owns 
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Is aote4 


Facts are given by simple, declara- 
tive sentences that connect the terms 
with a verb or verb phrase, such as, 
“Customer places order.” 

A “fact model” 
ments that describe the results of a 
business operation (see diagram). A 


is a set of fact state- 


fact model should serve as an initial 
blueprint for a data model, but its pri- 
mary purpose is to capture knowledge 
about the business in a structured 
form, distilled from the business-side 
workers and managers who possess it. 


Rules About 
Business Rules 
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= Rules should be accessible 
to authorized parties. 


= Rules should be specified 
directly by those people who have 
aad att 


= Rules should be managed. 
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Rules essentially add the sense of 
the wore 


terms and facts, 


is must or must not to the 
as in, “Orders on cred 
it over $1,000 must not be accepted 
without a credit check.’ 

Rules should be expressed in clear, 
unambiguous, well-structured busi- 
ness English, starting with an explicit 
subject. Rules should have no fluff and 
no missing facts. Rules can be quali- 
shipment must be insured 


fied, as in “A 


if the shipment value is greater than 
$500.” And rules can include timing 
“A student must be en- 


rolled in at least two courses by the 


criteria, as in 


close of registration.” 


Rule Independence 

\ business is very much like a human 
body. The knowledge (term and fact) 
structure is like the skeleton; the proc 
esses are the powerful muscles; and 
the rules are the nervous system that 
All three are es 
sential and interrelated. But business 


controls the other two 


rules should be separate from the oth- 
er two. A basic principle of this ap- 
proach is that rules are independent 
of processes and procedures. A fri 
benefit of that “rule independence 
huge simplification in the processes 

The result is a “thin process,” a long 
standing goal of many IT profession- 
als. By taking the rules out of the 
processes, you can produce processes 
that are relatively simple and can be 
changed as the need arises 

In the National Football League, if 
a play isn’t working for a team, it will 
be gone from its playbook within a 
couple of games. The plays are essen- 
tially throwaways. Similarly, businesses 
need to view their own procedures as 
throwaways — cheap enough to dis 
card and replace readily when the pro- 
cedures no longer work well. 

Throwaway procedures are a must 
adaptable 
simple 


by the business 


for the business to be and 


competitive. This deceptively 
idea — made possible 
rules approach — can revolutionize 
the way work is done and systems are 


designed. D 


Reprinted with permission from 
Principles of the Business Rule 
Approach, by Ronald G. Ross (Addison- 
Wesley, 2003). Ross is co-founder and 
principal of Business Rule Solutions 

LLC and executive editor of the Web 
site BRCommunity.com. 


| WHO'S CHANGING TH THE RULES? 


Should yo 
busines { 
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‘Virtual Close’ 
Piques Interest 


Large companies that are looking 
to close their monthly financial 
books faster than the current 
paper-based 15 days are showing 
interest in the “virtual close,” 
according to a report by Meta 
Group Inc. With a virtual close, 
all transactions and expenses are 
reported in real time instead of 

in batch mode. 


Tracking inventory and expens- 


es in detail and motivating em- 
ployees - for example, salespeo- 
ple who need to provide monthly 
sales reports - to enter correct 
numbers into the system on time 
are most important. The goal, 
Meta said, is to be able to do a 
virtual close on a dime. To ac- 
complish that, companies must 
streamline their systems and 
adopt the following practices: 


@ Keep the code simple and 
focused on financial reporting. 


@ Re-evaluate the value gained 
from complex allocations and 
chargebacks. 


@ Reduce both the number of 
books and the number of ERP 
applications they are entered on 
so the finance department has 
fewer systems to coordinate. 


@ Use a common set of best 
practices throughout the compa- 
ny to improve coordination. 


& Improve business performance 
management using Web-based 
reporting/result software. 


Eaton Hires IT 
Vet as New CIO 


Industrial manufacturer Eaton 
Corp. has named Robert Sell as 
its new CIO. Sell has approxi- 
mately 30 years of IT and opera- 
tions experience and most re- 
cently was CiO at Moore Wallace 
Inc., a distributor of print and dig- 
ital information. He has also 
worked as CIO at Brunswick 
Corp. and Coors Brewing Co. Sell 
will lead the Cleveland-based 
company’s worldwide IT opera- 
tions and report to Richard 
Fearon, Eaton's chief financial 
and planning officer. 
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Think Like an 
Archaeologist 


F YOU’D LIKE YOUR IT PROJECTS and depart- 
ment to run more efficiently and effectively, you 
probably need to develop a keen appreciation for 
the work of archaeologists. That’s right, real ar- 
chaeologists. I’m not talking about the Indiana 
Jones variety of adventurous grave robbers, but of 
those men and women who spend their summers pa- 
tiently digging in the dirt with trowels, dental picks 
and paintbrushes looking for sticks, stones and bones. 


For us, what’s important 
about their work isn’t the 
excavation part, but what 
they do with the artifacts 
after they’ve removed them 
from the site. Archaeolo- 
gists are students of the 
history of human technolo- 
gy. The fundamental 
premise of the field is that 
by carefully examining the 
artifacts of a past culture, 
we can understand the 
people who made those ob- 
jects. We can learn not only 
about how the objects were 
made, but also about the 
ideas, values, culture and rl ae 
history of those who made them. We 
can understand to some degree how 
they lived and what they thought. 
What archaeologists have recog- 
nized is that technology doesn’t exist 
independently from people. In their 
eyes, a piece of technology is a durable 
form of human expression. When they 
look at a potsherd, they can often de- 
termine how the pot was made, in- 
cluding where the clay came from, 
what tempering was added to the clay 
and how it was fired. If the clay origi- 
nated far from where the object was 
found, it indicates that the makers ei- 
ther traveled or traded. The tech- 
niques used to make the pot show how 
advanced the maker’s knowledge of 





pottery technology was. 
The shape and decorations 
often convey the use of the 
object. The choices made 
by the ancient artisans of- 
fer a glimpse into their 
minds and values. 

This is no different from 
the technology coming out 
of any modern IT group. 
The technology that you 
create bears the marks of 
your team just as a stone 
ax shows the marks of an 
ancient flintknapper. The 
technology that you create 
is a reflection of the indi- 
viduals who make it, the 

values of the makers and of the dy- 
namics of the group. 

In short, technology is the collective 
expression of the team that creates it. 
It doesn’t exist as an entity separate 
from the team. They are reflections of 
each other. The team often organizes 
itself according to the demands of the 
technology, and the technology is pro- 
duced through the dynamics of the 
team. In his book The Dynamics of 
Software Development Jim McCarthy 
refers to this phenomenon as “Team = 
Software.” 

For example, imagine that you’re de- 
veloping some sort of software system, 
and you get to the system integration 
phase and find that two chunks of 





code don’t integrate well with each 
other. In this situation, you can be 
pretty sure that the two groups that 
developed those different chunks of 
code don’t communicate well. In fact, 
they probably don’t like each other 
much, either. The dynamics of the hu- 
man interaction have been expressed 
in the form of code. 

I’m sure you’ve all seen a system in 
which the user interface made perfect 
sense to the programmers but was 
completely unintelligible to the users. 
Usually the interfaces on these sys- 
tems reflect the underlying structure 
of the code rather than the business 
processes of the users. You can be as- 
sured that the cultural assumptions of 
that group include the idea that under- 
standing technology is more impor- 
tant than understanding business im- 
provement. The values of the group 


| are clearly expressed in the design of 


the interface. 

Have you ever worked on a system 
that was beautiful to behold, but was 
impossible to deploy and/or support? 
You can be pretty sure that the group 


| that develops such a system holds pro- 


grammers in higher esteem than de- 
ployment specialists, operations per- 
sonnel or help desk technicians. The 
concerns of these groups were dis- 
counted or ignored during the design 
and construction. The social hierarchy 
of the group is right there, like a fin- 
gerprint on an Aztec water jug. 

If you pay close attention to the dy- 
namics of your group, you'll probably 
be able to predict what your technolo- 
gy will look like long before the mon- 
ey is spent developing and deploying 
it — and maybe your work will live on 
rather than being dug up by some fu- 
ture archaeologist. D 
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maintain, interface w/ ASD 
Quality Assur. for integration 
testing & interact w/ ASD archi- 
tect. for project/feature life cycle 
Bachelor's or foreign degree 
equiv. in CS, MIS, CIS 
Engineer., or related, & 5 yrs 
Progressive exp. in position, in 
software or systems engineer. 
program. or develop. req'd. Will 
accept Master's in stated fields 
in lieu of bachelor's + exp 
Competitive salary, 40 hrs/wk 
OT as need. Send resume to: M 
Powers, HR Mgr, REF#JY. 
CoreCARD,1 Meca Way, 
Norcross, GA 30093 


generate 


Mae Moles es 


Full-time Programmer/Database’ 
Analyst Lead programmer/ 
database analyst responsible for’ 
full software development lifecy- 
cle. Manage, design, develop 
and implement database, data- 
base web site for standard 
reporting and information 
exchange Identify business 
requirements, translate busi- 
ness requirements into function- 
al design and processes for 
diverse development platforms 
computing environments, soft- 
ware, hardware, technologies 
and tools. Research and evalu- 
ate new technologies and rec- 
ommend cost effective solu- 
tions. Develop and prepare 
computer programs. Prepare 
program test data, tests, and 
debug programs. Work with 
SQL, Oracle, C++, JAVA 
PL/SQL, Windows NT, Unix and 
OS2. Must have Bachelor's 
degree in Computer Science or 
jated field Employer will 
ept combination of educa- 
tion/experience that equates to 
Bachelor's degree (3 to 1 rule) 
Foreign or domestic education 
equivalent to Bachelor's degree 
accepted. Must have 2 years 
experience in job offered or 
position with same duties 
Salary: $72,500. Send resume 
to Natasha Lyttle, Ref. # 
NCLOO1 SITA INC, 3100 
Cumberland Boulevard, Suite 
200, Atlanta, Georgia 30339. 


Mechanical Software Engineer 
Develop Real-Time control mod- 
ules on Windows NT/2000/XP 
platform Design PC-based 
Computerized Numerical 
Control (CNC) and Prog- 
rammable Logic Control (PLC) 
industrial robots and servo 
motion contro! functions and 
algorithms in C Visual 
C++/MFC and Visual Basic 
Develop Real-Time drivers for 
1EEE1394 FireWire and propri- 
etary high-speed fiber optic 
communications Perform 
mechatronics system integration 
and evaluation, machine dynam- 
ics and vibration analysis and 
servo tuning for CNC lathe and 
milling machines. Link CAD 
CAM packages for Direct 
Numerical Control (DNC) 
Requirements include a 
Master's degree or equivalent in 
Mechanical Engineering. No 
work experience required 
Applicants must have unrestrict- 
ed authorization to work in the 
United States. Salary $77,539, 
year. 40 hours/wk. Respond 
with two copies of resume to 
Case #200202479 Labor 
Exchange Office, 19 Staniford 
St., 1st Fl, Boston, MA 02114 


Computer Programmer who will 
plan, develop, test and docu- 
ment computer software using 
COM, COM +, MSMQ, MTS, IIS. 
iS Security, ASP, Visual Basic 
XML, RDBMS, WAP, Bluetooth 
PVCS, SOAP, WML, ACH for 
PC, BizTalk Server, TestDirector, 
and Visual Studio.NET. 
Applicant must have a 
Bachelor's degree or foreign 
degree equivalent combination 
of education in Computer 
Science or Engineering 
Applicant must have at least 5 
years of work experience in soft- 
ware development in various 
platforms and _ technologies 
Applicant must have working 
knowledge of Bluetooth, WML 
ACH for PC, BizTalk Server 
TestDirector, Visual Studio.NET, 
lS Security and PVCS 
Applicant must be a Microsoft 
Certified Professional Solution 
Developer. $66,200/yr, 40 
hours/wk 9:00am-5:00pm 
Send resume, listing Job Order 
Number WEB 347647 to Site 
Administrator, Greene County 
Team PA CareerLink, 4 West 
High Street, Waynesburg, PA 
15370-1324 
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Web Service & Support Analyst 
|: Entry level position to design & 
develop multi-tier database-dri- 
ven websites; troubleshoot & 
maintain medical staffing system 
using ASP, VB/COM, Java- 
Script, SQL/SQL Plus & HTML; 
use PhotoShop/ ImageReady & 
Flash to design graphics for web 
Pages and advertising banners. 
web marketing w/ Search 
Engine Optimization; monitor & 
analyze Web Traffic. Req. BS in 
Healthcare Info Sys, CS or other 
related field, no exp. req. but 
must demo. ability to perform 
duties through course work in 
Healthcare Info Sys or related 
course. Resume w/ transcript to 
HR Director, Medical Doctor 
Associates, 145 Technology 
Pkwy NW, Norcross, GA 30092 


Tool King, LLC, seeks 
a software developer 
with experience in soft- 
ware and web tech- 
nologies. B.S in 
Comp. Science + 3 yrs 
exp in VB, ASP, SQL- 
Server, IIS. Send 
resume to HR, 299 
Bryant St., Denver, CO 
80219. 


Software Business Analyst 
Consult with client companies to 
review, analyze, evaluate their 
business systems & write 
detailed description of user 
needs. Create technical specs & 
steps reqd to develop or modify 
information systems applica- 
tions. Automate costing & pur- 
chase order system using MS 
ACCESS. Oracle Crystal 
Reports, VB in Win NT environ. 
ment. Req Bachelor's in 
Accountancy/Rel field with 2 yrs 
exp. Wages: $60,000/yr, 40 
hrs/wk, 8-5. Send 2 resumes 
Case#200202838 Labor 
Exchange Office, 19 Staniford 
St. ist Fl., Boston, MA 02114 


Technical Support Specialist 
assign and coordinates work 
projects; establish work priorities 
and evaluate cost and time 
requirements; review and test 
programs to ensure compliance 
with specifications and stan- 
dards; maintain company net- 
work system and website 
process e-commerce. Req. BS 
or equivalent in CS, CE or relat- 
ed field w/ proficiency in JSP, 
HTML, TCP/IP, network HW/SW 
installation, configuration, and 
troubleshooting. 40hr/wk, 11-7 
Contact Sunnytech, Inc. at 2780 
Peterson Place, Norcross, GA 
30071 


Software 
Professionals 


Chart Links is a rapidly growing 
medical software company 
located in New Haven, CT. We 
are seeking experienced full- 
time software developers and 
contractors with the following 
Skills HTML/XML, JAVA 
JavaScript, SQL Server, Visual 
Basic, Data Modeling, RDBMS 
Designer and Crystal Reports 
Forward your resume to Chart 
Links’ HR Dept. via fax (203) 
624-3501 or e-mail at 
hr@chartlinks.com. For more 
information, please visit our 
website at: www.chartlinks.com 


Meena eReeyen 
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Telecom tech co. in 
Framingham, MA seeks SW 
Engr. to design & develop cail 
control service applications 
using C/C++, object oriented 
design & knowledge of telepho- 
ny protocols. Port application on 
various operating systems (i.e 
Windows 2000, Solaris& Linux) 
Diagnose, correct, test & deliver! 
solutions for customer specific 
issues w/proprietary host-based 
telephony software. Provide 
engineering & technical service 
training on proprietary host- 
based telephony services & soft- 
ware. Must have: BS in Comp 
Sci., Engineering, Math, Physics 
or equivalent + 6 months SW 
development exp. Must have 
exp. w/ C/C++ OS Programming 
& entire SW development cycie 
from design to testing 
Knowledge of real-time embed- 
ded systems, telephony hard- 
ware devices, protocols & 
Telephony Infrastructure req- 
uired Salary $62,000/yr. 
Submit 2 resumes to Case 
#200202666, Labor Exchange 
Office, 19 Staniford Street, 1st 
fi., Boston, MA 02114 


Software Engineers & 
Programmers Analyze, 
design, test and implement 
specialize software applica- 
tions for e-commerce, Web, 
Client Server technologies, 
Legacy systems and distrib- 
uted apps. in Weblogic, 
Corba, Apache, Mainframe, 
ASP, J2EE, Siebel, PB and 
related technologies utilizing 
appropriate RDBMS including 
Oracle and DB2 HR, 
Instcomp, Inc., 906 Lacey 
Ave., Suite # 206, Lisle, 
60536. EOE 


Senior Programmer with 
MS in CS and min 2 yrs 
exp wanted in Houston. 
Must have’ working 
knowledge of ASP, 
-NET, J2EE, SQL, XML, 
TIBCO, Plumtree, Doc- 
umentum wireless appli- 
cations. Resume to: E- 
Ceptionist, Inc., 2000 
Bagby, Ste 5430, 
Houston, TX 77002. 


Computer Systems Admin- 
istrator. Analyze/maintain/ 
modify applications on IBM 
mainframe. Req. BS Math/ 
Comp. Science/Rel. Field & 
2 yrs exp in job/2 yrs exp as 
Sr. Analyst/Programmer. 
Spec. Req. Expertise in 
COBOL, DB2, CICS, CSF, 
Cordaptix & Utility Billing 
Systems. Send Resume 
Louie G. Abad, EV3A, Inc. 
104 Pierpoint Cir., Folsom, 
CA 95630(Jobsite) 


Paradigm Infotech is looking for 
programmer/system analysts. 
s/w engineers. Candidate must 
have BS with at least one-year 
IT experience. Good skills in 
C/C++, Java, Oracle, WebLogic, 
VB, HTML, ERP are plus 
Traveling is required. Apply 
jobs@paradigminfotech.com 
EOE 


Staffing Tree, LLC has openings 
for System Analyst, IT consul- 
tants/recruiters. BS or equiva- 
lent required. Exp. in Oracle, 
Java, C/C++, SQL & IT place- 
ment/marketing preferred 
Travel required for some posi- 
tions. We sponsor green card 
Please contact 

debdas@staffing-tree.com. EOE 
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MA based IT company has 
openings for Software Engin- 
eers & DBA’s: (Multiple open- 
ings) Research, Analyze 
Design, develop, test, diagnose, 
and implement various business 
applications. 


Real time OS Vx Works, 
Networking Protocols, People- 
Soft HR/Financials, IPSEC, IKE 
BAAN ERP, BAAN tools, SAP’ 
v3 and ABAP/4, Oracle 
8.x/9.x/11.x, Sun Solaris 2.8 
Veritas Clustering, Oracle 
Utilities, Unix Shell Scripting 
PL/SQL, Erwin Data Modeling/ 
Designing, Web Technologies 
like J2EE, JDBC/ODBC, Web 
sphere, EJB, COM/DCOM 
C/C++, MS SQL Server, UNIX 
J2EE Architect/Team-Lead 
experience in implementing 
financial applications on HP- 
Tandem Non-stop systems 
Product Administration System 
SABLIME. Business Objects 
5.1.5, Data Warehousing, 
informatica - Power Center 5.1 
SAS 8, Teradata Utilities, Erwin, 
Power Mart5.1 / PowerCenter 5, 
Data Junction Cognos 
Impromptu 7.0, JD Edwards, 
WinRunner 6.0, Test Director 
6.0, Silk, Load Runner, Rational 
Suite, SQA Suite. 


DBAs must have experience in 
instailation, migration, moving, 
setup, monitoring and trouble 
shooting of various database 
applications. May require travel 
to client sites Software 
Engineer $78,000 & up; DBA 
$60,000 and up. Mail resume to 
CRG, INC., 222 Turnpike Road. 
Suite 9B, Westboro, MA 01581 


LINUX & AIX support. Assist 
univ. faculty/staff to use UNIX to 
support research, instruction 
outreach. Work under Ass't Dir. 
& Syst Software Spec 
Required knowledge & experi- 
ence: Support Suse, RedHat 
Linux & AIX. Research security 
on AIX & Linux. Install/test OS & 
MySq!, 082, GAMESS, Samba 
Apache, Resin, Schrodinger. 
Matiab. WBM, NMON, MRTG to 
monitor system performance. 
Capacity pianning, research hw 
configs. Build Beowulf cluster & 
pgm LAN/MPI PVM. Backup 
Linux with Reiserfs & EXT3 File 
systems. Linux or AIX System 
consulting. Support ARC GIS 
DB2 WebSphere, Jakarta 
Tomcat. Implement Geowall or 
Windows & Linux. 3-D data con- 
vert. Backup, restore, archive 
large-scale storage data 
Storage expansion projection 
Base Salary $35,015 per 12 
months plus fringe benefits 
Send two copies of letter of 
application and resume to 
South Dakota One-Stop Career 
Center, Attn: Laura Hoyt, 1310 
Main Ave S, Suite 103 
Brookings sD 57006 
Telephone: (605) 688-4350 
Fax: (605) 688-6761. Must refer’ 
to Job Order Number 
$D1235290. 


PROGRAMMER ANALYSTS for 
Arlington Heights, IL office 
Design & Develop software 
applications using C++, Proc* 
Oracle, Sybase, XML,UML 
Coolgen, Interwoven, Clear- 
Case, ClearQuest, PVCS, Aix 
UNIX/Win NT. Bachelors req'd in 
Computers, Engineering, Math 
or related field of study +2 yrs of 
related exp. 40 his/wk. Must 
have legal authority to work per- 
manently in the U.S. Contact HR 
Manager, Terasoft International 
Inc., 2015 S.Arlington Heights 
Road, #114, Arlington Heights 
1L60005 
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ExtraQuest Corporation seeks 
Sr. Database Administrator to 
work in Greenwood Village, CO 
to develop and administer 
Oracle databases that run on 
UNIX and Linux platforms 
Install and maintain database 
documentation and patch appli- 
cations. Engage in capacity 
planning, systems analysis and 
design, application program 
development and proactive per- 
formance analysis, monitoring 
and tuning. Perform hot back 
ups, hot standby databases and 
data guard configuration utilizing 
RMAN. Design, configure and 
administer Oracle Parallel and 
Real Application Cluster 
Database Servers. Engage in 
data conversion/migration 
development of budget and pro- 
ject proposals and project man- 
agement. Requires bachelor's 
degree in computer science or 
related field, as well as 4 years 
experience performing the core 
duties and using the skills 
described above. Respond by 
resume to ExtraQuest Corp 
Human Resources, 5575 DTC 
Pkwy, #240, Greenwood Village. 
CO 80111, and refer to job 
#4106 


CCIE Technical Support 
Manger-Post Sales - Manage 
post-sales technical support 
activities of technic: support 
staff engaged in the analysis 
design and implementation of 
solutions to engineering and 
integration problems of complex 
internetworked systems based 
in Cisco Systems technologies. 
Bachelor's degree or foreic 
degree equivalent in Computer 
Engineering or related field 
required and five years of expe- 
rience in network design engi- 
neering and/or network support 
engineering. Please forward 
resume to Attn: Mike Gallimore 
BellSouth Communication 
Systems, 2359 Perimeter Point 
Parkway. Charlotte North 
Carolina 28208. Please do not 
email or fax resumes. EOE 


Database Administrator (4 open- 
ings): Analyze, dsgn s/ware & 
h/ware reqmts. Install, adminis- 
ter Oracle d/bases in HA cluster 
Support OPS, Administer OAS 
Database recovery, RMAN 
backup, Datastage, ERWIN 
Reportwriter, Forms, Replication 
Manager, Pro*C, Shell Scripting 
Use Soiaris, HP-UX, AIX, DEC 
Alpha, NT. Req. BS in CS, Math 
or other Engg or 
exp. in job offd. 40hr/wk 
Resume to: HR Mgr, Omnisoft 
Inc., 1265 Compass Pointe 
Crossing, Alpharetta, GA 30005 


ci field + 1 yr 


Netegrity, Inc., a leader in 
Software, Services and High 
Technology seeks a Prof- 
essional Services Consultant 
Position requires degree and 
industry experience. Also 
requires 70-80% domestic 
and international travel. If 
interested send resume to 
Human Resources, Netegrity, 
Inc., 201 Jones Road, Sth 
Floor, Waltham, MA 02451, or! 
via fax: 781-207-5835, or 
online at www.netegrity.com. 
EOE 
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Mechanical Software Engineer 
Develop Human-Machine 
Interface (HMI) for Real-time 
soft motion control modules on 
Windows NT/2000/XP platform. 
Design PC-based Computerized 
Numerical Control (CNC) and 
Programmable Logic Control 
(PLC), industrial robots and 
servo motion control functions 
and algorithms in C, Visual 
C++/MFC and Visual Basic 
Perform contro! system integra- 
tion and evaluation, machine 
dynamics and vibration analysis 
and servo tuning for CNC lathe 
and milling machines. Manage 
chassis and board structure 
design and improvement with 
CAD systems. Link CAD/CAM 
packages for Direct Numerical 
Control (DNC). Requirements 
include a Master's degree or 
equivalent in Mechanical 
Engineering. No work experi- 
ence required. Applicants must 
have unrestricted authorization 
to work in the United States 
Salary $77,539/year. 40 
hours/wk. Respond with two 
copies of resume to Case 
#200202478, Labor Exchange 
Office, 19 Staniford St., 1st Fl 
Boston, MA 02114 


DBAs to install, configure. 
administer Oracle database 
SQL*Net, Net8; design & devel- 
op appls using Oracle, Dev 
2000, SQL, etc; maintain & mon- 
itor backup, recovery procedures 
and maintain database securi- 
ty:design, code Java2Beans for 
Oracle database access; per- 
form data entity design in Erwin. 
web interface design & appli logic 
definition. Prog. Analysts to ana- 
lyze, develop appls using OOAD. 
Java, J2EE, ASP, EJB, XML 
Jscript, Active X, JFC Swing 
HTML,etc under Windows 
UNIX os; perform req analysis: 
provide on site maintenance 
such as debug, modify, fine tune 
& code optimization. Require: 
BS or foreign equiv. in CS/Engg 
(any branch) & 2yrs exp in IT. 
Comp. Salary. Travel involved 
F/T. Resume to Infilink 
Corporation 4 Concourse 
Parkway, Ste 270, Atlanta, GA 
30328 


INTECH Software Solutions has 
several openings for Software 
Engineers. Will be responsible for 
research, design & development 
of software sys and appins. Must 
have a strong background in five 
or more of the following: Java 
C++, Tuxedo, Smalltalk. VB 
Oracle, Sybase, SQL Server 
UML, XML, XSL, Rational Rose 
MQ Series, Visibroker, CRM 
OOD/OOP, EAI iPlanet 
WebLogic, Solaris, and Windows. 
Must have MS or eqvint in 
Comp. Sci or Engineering and 3 
yrs rele exp. Job in Atlanta, GA 
and other locations. Send resume 
to HR, Intech Software Solutions. 
12600 Deerfield Parkway, Suite 
100, Alpharetta, GA 30004 
Email: hr@intechsw.com 


Prog. Analysts to analyze 
design, develop network s 

ty s/w using VC++, C++ 
Server, MS Access, IBM Visual 
Age, Apache Web Server, etc 
under Windows/UNIX os; design 
server side Java Components 
Gul using JScript, JSP, 
Serviets, HTML, etc; design and 
optimize database using JDBC. 
SQL, ODBC, etc; develop 
encription schemes; deploy 
evaluate, test appis. Require 
BS or foreign equiv. in 
CS/Computer Engineering with 
2 yrs exp in IT field. High salary. 
travel involved. F/T. Resumes 
HR, Lancope, Inc., 3155 Royal 
Drive, Bidg. 100, Alpharetta, GA. 
30004 
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Prog. Analysts to analyze, 
design, develop appis using 
C++, VB.Net, ASP.Net, Java 
JSP, Java Script, COM, Oracle 
SQL Server, IIS, HTML, etc 
under Windows,UNIX os; per- 
form system & functional analy- 
sis document development 
process; test, debug and 
upgrade existing software 
Require candidates with BS or 
foreign equiv. in CS/Engg.(any 
branch) & 2yrs exp. in S/W field 
F/T. Travel involved. Competitive 
salary. Send Resumes to: HR 
Softrim Corporation, 3443 Pine 
Ridge Road, Naples, FL 34109 


QA Specialist: Produce test 
plan, test reqmts documents 
create & run test scripts; compile 
test scripts into test procedures, 
code/dvip VB scripts for regres- 
sion testing; track & verify status 
of defects; dvip & run SQL 
queries, w/ Client/Server Testing 
& Rational products, w/propri- 
etary &/or COTS applics & main- 
frame applics. Req. Bach in CS, 
MIS or other related field + 2 yr 
exp. in job offd. Resume to Ms 
Parchment, Business Computer 
Applications, 2180 Satellite 
Bivd., Ste 325 Duluth, GA 30097 


Seeking qualified applicants for 
the following positions in Mem- 
phis/Collierville, TN: Senior Bus- 
iness Application Analyst. Act as 
liaison between technical devel 
opers and _ users/customers 
Requirements: Bachelor's degree 
or equivalent” in computer sci- 
ence, math, statistics, business or 
related field plus 5 years of expe- 
rience in analyzing business sys- 
tems and developing technical 
automated solutions. Experience 
with software development life 
cycle process and SQL also 
required. *Master's degree in 
appropriate field will offset 2 years 
of general experience. Submit 
resumes to Sibi George, FedEx 
Corporate Services, 1900 Summit 
Tower Bivd., Suite 1400, Orlando, 
FL 32810. EOE M/F/D/V. 


Software Engineers Need- 
ed. Seeking qualified candi- 
dates possessing MS/BS or 
equiv. &/or relevant work 
experience. Part of the rel 
req. exp. must include 1 
year working w/ Data 
Transformation Services 
Duties include design, 
develop, test and support 
software applications and 
systems. Mail res., sal. req 
& ref. to: Smartopia, Inc., 
1990 Middlesex St., #5, 
Lowell, MA 01851. ATTN 
HR 


Software Enggs. to lead teams 
to design develop/maintain 
web appls using Java, J2EE 
Serviets, ASP, EJB, HTML, 
JavaScript, JSP, VB, SQL 
Server, etc on Windows & UNIX 
OS; provide training & user sup- 
port for the systems and related 
appin internally & to clients: 
debug arid modify existing soft- 
ware. Require: MS or foreign 
equiv in Comp. Sci / Comp 
Engg. & 1 yr exp. in IT. Full time 
High Salary. Travel involved 
Respond by mail to HR, ABZ 
Consulting, Inc., 2600 Century 
Prkwy, Ste 100, Atlanta, GA) 
30345 


Hetrosys, LLC, based in Detroit, 
Michigan seeks Senior UNIX 
System Administrators and 
Senior Database Administrators 
for Detroit and nation-wide 
opportunities All 

require B.S. in 

Science. UNIX position requires 
two years high availibility experi- 
ence and MC/Service Guard 
certification. Database positions 
require two years experience in 
decision support application 
development or data warehous- 
ing in addition to standard suite 
of ORACLE administration tools 
Apply via U.S. Mail with resume: 
to Hetrosys, LLC 3757 S 
Baldwin Road #223, Lake Orion, 
MI 48359 


Computers-Seeking qualified 
candidates for senior and mid- 
level IT professional positions 
including: Programmer Analysts, 
Project Managers, Software 
Engineers, !T/Software Consul- 
tants Systems Analysts. 
Qualified candidates must pos- 
sess MS/BS or equiv. and/or rel 
work exp. Some _ positions 
require 1 yr. SAP exp. Exp. in 
multi-module implementation/ 
multi-OS environment is pre 
ferred. Strong RDBMS back- 
ground a plus. Fwd resume & 
references to: Halcyon 
Solutions, Inc., Attn: HR, 950 
Taylor Station Rd #D 
Columbus, OH 43230. 
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Application Software Engin- 
eers needed. Seeking qual 
candidates possessing MS/ 
BS or equiv. &/or relevant 
work experience. Siebel cert- 
ification and experience 
preferred. Duties include Re- 
search, design and develop 
software applications and an- 
alyze software requirements 
Mail res., sal. req. & ref. to 
e-Prosoftgroup, Inc., 5617 
Byrneiand St., Madison, WI 
53711, ATTN: HR 


We do 
a better job 
at helping 
you 


get one. 


SEARCH FOR 
JOBS 
AND POST 
YOUR RESUME 
ON 
ITCAREERS.COM 
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SYSTEM ANALYST analyze. 
design, develop, test and imple- 
ment business apps, automated 
Processing activities using 
Oracle & Developer 2000 
Develop Forms & Reports. 
design & code on-line screens in 
Oracie database, document sys- 
tem model in Designer 2000 
Write PL/SQL batch programs 
for reading text files. Forms 
Reports, PL/SQL, Java Serviets 
DHTML, MS Access. Master's 
in Mgmt Information Systems 
[related field w/ 2 yrs of exp. as 
\.T. professional & at least 1 yr 
exp. in all above technologies. 
skills & tools required. Will 
accept Bachelor's w/ 5 yrs exp. 
in lieu of Master's w/ 2 yrs exp 
Send resume to: Palayekar 
Companies, Inc 1959 East Third 
St, Williamsport, PA 17701 


SOFTWARE ENGINEER 
Software engineer to design 
develop and test computer pro- 
grams for business applications: 
analyze software requirements 
to determine feasibility of 
design; direct software system 
testing procedures using exper- 
tise in Flash, TIBCO, XML 
STRUTS, EJB and WebLogic 
Requirements Bachelor's 
Degree or equivalent in 
Computer Science or related 
field and two years experience 
as a software engineer or com- 
puter programmer, knowledge of 
Fiash, TIBCO, XML, STRUTS. 
EJB and WebLogic. Salary 
$66 ,000/year 

Conditions: 8:00 A.M 

P.M., 40 hours/week, invoives 
extensive travel and frequent 
relocation Apply Site 
Administrator, Greene County 
Team PA CareerLink, 4 West 
High Street, Waynesburg, PA 
15370, Job No. WEB352072 


NetXert, Inc., has openings for 
Programmers, Software Cons- 
ultants, Programmer Analysts 
DBA's. Systems Analysts 
Engineering Programmer with 
three or more of the following 
skills: Java, J2EE, .net/ASP. 
Visual Basic, C, C++, Visual 
C++, Coldfusion, Cobol, SQL 
Server, DB2, CICS, Oracle. 
Informix Sybase, Access 
Actuate, PeopleSoft SAP, 
PowerBuilder. WebSphere 
WebLogic WebMethods. 
Apache, Unix, WinNT, Linux 
Bachelor's or Master's degree 
(or foreign equiv) plus 1 or 2 yrs 
exp req'd depending upon posi- 
tion. For some positions, we 
also accept degree equiv. in 
educ. & experience. Travel 
and/or relocation required 
Send resume & salary reqmt to 
H.R., NetXert, Inc., 315 E 
Eisenhower Pkwy, Suite 315. 
Ann Arbor, Mi 48108 


Trae The 
Best 
Get Better! 


www.itcareers.com 


W030001\N4 


Director. Managed Solutions 
Practice-Meet w/ management 
of prospective client to analyze 
client's needs. Prapose project 
& pricing. utilizing on-shore & 
offshore teams. Plan & manage 
Project deadlines & budget. Act 
as liaison between client, on-site 
team & offshore team. Respon- 
sible for successful implemenia- 
tion & customer satisfaction. Wiil 
accept Bachelor's Degree or for- 
eign equivalent in Computer 
Science, Engineering, Business 
or related field. Must have 2 yrs 
consulting, project management 
or related exp. The 2 yrs exp 
must include 1 yr of project coor- 
dination exp for project requiring 
on-site & offshore teams. Must 
have SAP exp $100K/yr 
40hrs/wk EEO/AAP/M/F/V/H 
Submit resumes to: Fayette Cty 
CareerLink, ATTN: CareerLink 
Program Supervisor, 32 lowa 
St., Uniontown, PA 15401-3513. 
Job Order No: WEB 351022 


DynPro, Inc., a leading IT 
Consulting firm, is seeking qual- 
ified computer professionals 
with 


* Websphere, Net.Commerce 
Net.Data 

+ JAVA, JavaScript, RMI, Swing 
CGI scripting-Peri, Shell, Korn 

* C++, OOS, OOP. Visual 
Basic, visual C++ 
SQL Server, DB2, Oracle 
QMF 
Win NT and UNIX 
administration, AIX 

* ABAP/4programming 

* SAP-SD, SM, MM, PP, PI 
WM, QM, PM, FI-CO, HR 
BIW, CRM, ASP, HTML, XML 

* Lotus Notes, Crossworld 

+ JD Edwards 


All positions require MS/BS 
degree with 1 or 2 years of expe- 
rience in the field and willing- 
ness to travel to client sites 
throughout the USA. Please e- 
mail resumes, prior to 10/1/03 
to: mplueddemann@dynpro.com 
EOE 


Senior Software Engineer 
InfoWeb Systems, Inc., a lead- 
ing provider of comprehensive 
computer software services and 
solutions, requires a Senior 
Software Engineer. Analyze 
requirements and design and 
develop webpage screenshots 
and applications using Sabre 
CRS, Amadeus JRES, BEA 
Portal and ISAP!. Document 
designs, prototypes and applica- 
tions developed. 


Job Requirements: Masters 
Degree in Computer Science or 
equivalent and 2 years experi- 
ence in all phases of Software 
Development Life Cycle using 
Sabre CRS, Amadeus JRES 
BEA Portal and ISAPI 
Document designs, prototypes 
and applications developed. 


Mail / Fax your resume to: 
infoWeb Systems, Inc 
3435, Asbury Road, Suite 175 
Dubuque, IA 52002 
Fax: 563.556.7990 


Software Engineer to direct. 
research, design, develop, test 
and document software systems 
The candidate should be well 
versed in al! phases of SDLC 
and SE! methodologies. Should 
be technically sound with hands 
on experience in building Client- 
Server, distributed and web 
applications on UNIX and 
Windows platforms using C++ 
Java CORBA, RDBMS 
BroadVision, TIBCO, Cognos 
shell scripting Clearcase 
OOAD, UML and RUP. Masters’ 
Degree in Engineering, and three 
years experience. Send resume 
to following address: Innovative 
Consulting Solutions, LLC, 1000 
E. Woodfield Rd., Suite 102 
Schaumburg, IL 60173 


iT/careers 


We seek exp'd IT professionais 
& Network Engineers 
Administrators & Public Health 
Data Anaiyst / Consultant / SAS 
Programmer. IT Professionais 
must have B.S. C/S or Eng’g or 
electrical / Electronics Eng’g. & 
exp. using the following skills 
(a) OEM, SQL Navigator, ETL 
Tools, SQL Anywhere, Business 
Objects, HP-UX, Sun Solaris; (b) 
Ultrix, Delphi, LISP, ProLogue 
MVS, UDB, IEEE v 6.0, Tivoli 
(c) SCO UnixWare Open 
Server, SANs, HP 900 series 
SunFire 6800, K-Shell Scripting. 
iPlanet Application Web 
Servers; (d) Optimize SQL 
Hypersion Essbase 5.0, T-SQL. 
BCP Scripting, Risk Scripting, 
HP-9000-800, ETL Tools (e) 
Network Engineers Admin- 
istrators must have 2 yrs. exp. & 
B.S. or Assoc. Degree in C/S or 
C/A. (f) Public Health Data 
Analyst Consultant/ SAS 
Programmer must have B.S 
MS in C/S or Public Heaith and 
exp. in statistical analysis of 
public health data / healthcare 
data using SAS 8.2, SUDAAN 
SPSS, EPl-info 2000. Please 
send resumes only to HR 
American Cybersystems, inc 
100 Crescent Center Pkwy, Ste 
290, Tucker, GA 30084 


Enhance your career possibili- 
ties with Fidelity Information 
Services. We currently have 
openings for the following posi- 
tions in San Diego, CA 
Programming Supervisor: Resp. 
include managing design, devel- 
opment, testing, documentation 
and analysis of ACBS software 
systems in the AS/400 environ- 
ment. Qualified individuals must 
have appropriate degree or 
equivalent and relevant experi- 
ence including. 2 yrs. of exp with 
ACBS software. 

Consultant Il: Implement ACBS 
suite of products/applications by 
leading support for installation 
configuration/design, testing 
conversion, and debugging 
Qualified individuals must have 
appropriate degree or equivalent 
and relevant experience includ- 
ing 2 yrs. of exp. with commer- 
cial lending products. Please fax 
or send resume with references 
to Jennifer Michel at Fidelity 
Information Services, 12250 Ei 
Camino Real, Ste 140, San 
Diego, CA 92130; Fax: 858- 
703-2465 


SOFTWARE ENGINEER 
Software engineer to design 
develop and test computer pro- 
grams for business applications 
analyze software requirements 
to determine feasibility of 
design; direct software system 
testing procedures using exper- 
tise in EJB, XML, JSP, STRUTS 
Tomcat, UML & JDBC. Req- 
uirements. Bachelor's Degree or 
equivalent in Computer Science 
or related field and two years 
experience as a software engi- 
neer or computer programmer, 
knowledge of EJB, XML, JSP, 
STRUTS, Tomcat, UML & 
JDBC Salary: $66,000/year. 
Working Conditions: 8:00 A.M 
to 5:00 P.M., 40 hours/week 
involves extensive travel and 
frequent relocation. Apply: Site 
Manager, Armstrong County 
CareerLink, 1270 North Water 
St., PO Box 759, Kittanning, PA 
16201, Job No. WEB352066. 


Datagence Inc. has openings for 
Senior Software Systems 
Engineers for locs in NJ & else- 
where Research analyze 
dsgn, dvip, test, & impimt s/ware 
applics using Java Perl 
ModPerl, Oracle, SQL Server, 
PostgressSQL, HP/UX, Sybase. 
Linux, Visual C++ & VB. Reqs 
Masters or equiv in Sci., Engg. 
Comp. Sci. or Math., w/2 yrs 
exp. Bach w/at least 5 yrs. of 
progressive exp. will be accept- 
ed in lieu of masters. Must have 
legal authority to work in US 
Excellent pay & benefits. Mail 
resume w/proof of work status 
to: restevez@datagence.com 
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Info-Matrix Corporation has 
immediate, opportunities for 
both entry-level and experi- 
enced Programmers 
Programmer Analysts, Systems 
Analysts, Software Engineers. 
DBA's and Software Consultants 
with three or more of the follow- 
ing skills 

SQL, GUI, COBOL, Unisys 
2200/Clearpath COBOL, DMS 
RDMS, TIP, ECL, WebTS 
OLTP, as well as MS.Net Visual 
Basic, OOD, C++, Visual C++ 
Oracle Sybase MFC 
PowerBuilder, Oracle 7.1 or 
later, Crystal Reports, Rational 
Rose JavaScript HTML 
DHTML, IIS, ASP, Java, LAN & 
WAN networking, SNMP, Frame 
Relay. Socket interface 
Network Node Manager, TCP/IP. 
Open View, Shell scripting 
Oracle SQL, Configuration 
Management Software 
Bachelor's or Master's degree 
reqd., depending on position 
lyr exp reqd. depending on 
position We also accept the for- 
eign edu. equiv. of the degree 
or the degree equiv. in edu. and 
exp. Frequent travel and reloca- 
tion. Send confidential résumé 
and salary requirements to 
2101 North Front St., Bidg. 4 
Ste 100, Harrisburg, PA 17110 
Visit our website at www.info- 
matrix.com 


SENIOR WEB DEVELOPER to 
design, develop, test, implement 
and support lienUserver and 
web-based application software 
using VB, ASP, VBScript 
JavaScript, HTML, DHTML 
XML, ADO, Crystal Reports 
ActiveX Controls, T-SQL, PL 
SQL, DTS Packages, Oracle 
SQL Server, IIS, MTS and MS 
Access with object oriented 
methodologies of COM/DCOM 
on Windows NT/2000 platforms 
Require: M.S. degree in Comp- 
uter Science/En 

closely related field w 2 

exp in the job offered o 
Software Engineer 

degree with 5 yrs 

Sively responsible exp 

field will be considered equiva- 
lent to a M.S. degree and 2 yrs 
of exp. Competitive salary 
offered. Send resume to com 
municationse@sensormati 
mor to Sensormatic Electronics 
Corp., 6600 Congress Ave 
Boca Raton, FL 33487; Attn: HR 
Ref. - Job AL 


Seeking qualified applicants for 
the following positions in 
Colorado Springs, CO: Senior 
Business Application Analyst. 
Plan, direct and coordinate 
large-scale IT development pro- 
jects. Requirements: Bachelor's 
degree* in computer science 
mathematics. statistics, accoun- 
ting or business plus 5 years of 
experience in analyzing busi- 
ness systems and developing 
technical automated solutions 
Experience with analytical 
reporting using either Focus 
SAS, SQL or business intelli- 
gence tools; and projeci or pro- 
gram management also 
required. “Master's degree in 
appropriate field will offset 2 
years of general experience 
Submit resumes to Recruitment. 
FedEx Corporate Services, 350 
Spectrum Loop Colorado 
Springs, CO 80921 EOE 
M/F/D/V 


Dynamic Systems, Inc. 
Programmer/Systems 
Analyst/Business Analyst For 
Lansdale, PA or North 
Brunswick, NJ 

Internet: Java, JSP, EJB. 
WebSphere, WebLogic, Perl/CGI 
VB, ASP, C##, ASP.NET, VB.NET 
Admin: AIX, HP-UX, Solaris 
Unix, Oracle, Sybase, SQL 
Server, DB2, Informix 
Skills: RDBMS, Unix, VC++ 
C,C++, AS/400, RPG, IBM MF 
Cobol, DB2, Clintrial, LIMS. 
Oracle Clinical 
1086 525 Milltown Rd, Suite#107 
North Brunswick, NJ 08902 650 N 
Cannon Ave, Lansdale, PA 19446. 
Phone: 732-246-2297 Fax: 732 
246-3362 
job@dynamicsystems-inc.com 
WWW. Dynamicsystems-inc.com 


ITHS Manager Provide 
information Technology Strat- 
egies, Capacity planning and 
prioritizing of IT-related projects 
Budgeting and purchase 
hard- and software plus external 
consulting services, Integration 
of computer systems with the 
headquarters n Sweder 
Development and ongoing host 
ing of Corporate intranet 
Website. Deployment of corpo- 
rate wide VPN-based server- 
system. Work with Risk man- 
agement of virus-attacks, hack- 
er-attacks and loss of portable 
computers. Work with backup 
procedures for emergency data 
recoveries. Monitor upcoming 
technology that can be put into 
business use, Internal education 
and support within S 
Creating Electronic documenta 
tion for customers, Web based 
customer support and 

merce. Establish ability ¢ 
tomer to post e-mail questions to 
highly qualified dental special- 
ists. Work with VPN, NT Server 
Exchange Server, SQL Server. 
WS Server, HTML, TCP/IP. 
DHCP, wired and wireless LAN 
Demonstrated ability providing 
Information Technology Strat- 
egies, Capacity planning and 
prioritizing of IT-related projects 
Budgeting and purchase of 
hard- and software plus external 
consulting services. Demon 
Strated ability working with NT 
Server, Exchange Server, SQL 
Server 1S-Server, TCP/IP. 
DHCP, LAN 40 
hriwk. 9:00 a.m 5 


Must have 4 years exp 

Case #206 
Labor Exchange Office 
Staniford Street, 1st fl.. Boston 
MA 02114 


VELOPER (Delray 
unanticipated employ 
ranches and affiliates 
nationally): Develop robust 
cient web and packaged sys- 
tems. Analyze existing applica- 
tions and b 
flows, and 
for improvement. List benefits: 


usiNess process 


nmend solutions 


pitfalls for software projects and 
provide time estimates for new 
s. Design new systems. 
write efficient code, provide test 
environment, implement and 
support the finished products 
Must be able tc 
experience Jevelopmenta' 
tools in MS Visual Studio 6.0 & 
Visual Studio.Net (C# & VB.Net 
Visio & Crystal Reports; (2 
database technologies in MS 
SQL Server 7.0/MS SQL Server 
2000; (3) XML, UML & ob; 
oriented technology; & (4 at 
forms Win 2000 (Professiona 
Server/Advanced Server). Must 
be able io utilize and have 
knowledge of Web Services 
(.Net). Must possess a Master's 


utilize and have 


degree or equivalent in 
Computer S 9+ Computer 
Engrg.; and 6-mth experience in 
job offered or 6-mth experience 
as Software Engr. or Software 
Developer. $70,000/y 

5pm: 40 hrs/wk; M-F. Se 
resumes to HR101 

Services Internationa 

MyTravel USA, 220 

Park Dr. Delray 


33445 


Programmer Analyst 
Austin, TX - Develop, pro- 
gram and test custom inter- 
faces and data conversion 
programs for information 
technology company. 
Client Support req'd. BS in 
Computer Science or reiat- 
ed field. Salary commensu 
rate with exp. 40 hrs/wk 
8:30 AM - 5:30 PM, M - F 
Mail resume to: Info Tech 
5700 SW 34th Street 
1235, Gainesville, FL 
32608. EEO M/F/ViD 
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Continued from page 1 
Spending 


in 2004 to remain flat with 
this year’s spending level. 

On average, IT spending 
will amount to about 3% of 
corporate revenue next year, 
predicted Stamford, Conn.- 
based Meta. That’s down from 
the boom years of the dot-com 
era. But Howard Rubin, Meta’s 
executive vice president, not- 
ed that IT spending as a per- 
centage of revenue was even 
lower before the boom helped | 
fatten those figures. 

“Companies are finding 
they can run their operations 
at a lower level [of spending],” 
he said. “It’s almost like a mar- 
ket correction.” 

Rubin’s assessment maps 
with the situation at Eastman 
Chemical Co. in Kingsport, 
Tenn. CIO Jerry Hale said the 





chemicals maker plans to 


Continued from page 1 
Symphony 


tight right now” and also ques- 
tioned whether provisioning 
technologies that automatical- 
ly reroute data traffic might 
affect the system configura- 
tions that IT architects have 
set up to run applications on 
specific servers 

The provisioning tools be- 
ing developed by IBM are 
based on technology that it 
picked up through a May ac- 
quisition of Toronto-based 
software vendor Think Dy- 
namics [QuickLink 38454]. 
IBM’s planned rollout follows 
announcements of data center 
provisioning technologies and 
services by HP and Sun as part 
of their respective Utility Data 
Center and N1 initiatives. 

But IBM would be the first 
major vendor to actually come 
to market with software that 
gives users the ability to pro- 
vision server resources on the 
fly, said Richard Fichera, an 


| data centers,” he said. “If IBM 





analyst at Forrester Research 


shave its 2004 IT budget by 


| 10% compared with this year’s 


allocations, while continuing 

to maintain existing support 

for its business operations. 
During 2004, Eastman will 


| focus on maximizing 


the value of its pre- 
vious investments in 
manufacturing-exe- 
cution and ERP sys- 
tems, a data ware- 
house and a corpo- 
rate Web portal, 
Hale said. 

But the spending 
cutbacks made by 
many companies 
during the past few 
years could eventually havea | 
whiplash effect on IT depart- | 
ments, said Tom Pisello, presi- | 
dent and CEO of Orlando- 
based Alinean. According to 
Pisello, corporate business | 
units have resorted to creating 
“shadow” IT departments to 
launch pet projects that have 


ClO TOM 


Ayre] 
Flare es 


Inc. in Cambridge, Mass. 
“This is a really important 

capability for anybody at- 

tempting to do virtualized 


can truly do what they’re 
claiming, this raises the bar for | 
other players.” 
But it likely will take years | 
for IBM and its rivals to fully | 
flesh out the provisioning 
functionality, Fichera added. 
IBM needs to prove that its 


» | 


Codi ice ders) e | 


been stalled by IT budget cuts 
(see “Dealing With Rogue IT,” 
Page 27). Eventually, IT man- 
agers could become responsi- 
ble for maintaining the sys- 
tems installed by business 
units, he said. 

Tom Murphy, CIO 
at Royal Caribbean 
Cruises Ltd. in Mia- 
mi, said he expects 
the company’s ongo- 
ing IT support costs 
to rise 5% in 2004, 
while capital spend- 
ing should see a 
spike of 10% to 15%. 
The increase in capi- 
tal investments will 
be driven by a continuation of 
the cruise line’s efforts to re- 
vamp its supply chain, install 
middleware on ships and at 
shoreside facilities, and imple- 
ment new customer-facing 


Utah 


to spike 
ela 


| systems “to help us be easier 
| to do business with,” he said. 


As the information systems 


tools work, “and then start 
working through the list of ap- 


| plications that people have 


trouble managing,” he said. 
Pricing could also be an ob- 


| stacle for some users. IBM 


said Intelligent Orchestrator 

will start at less than $20,000, 
but total costs for wider roll- 

outs of Symphony products 


| and services could reach sev- 
| eral million dollars for compa- | formation about the applica- 


nies with large, distributed 








director at Holiday Retire- 
ment Corp. in Salem, Ore. 
Steve McDowell is in the envi- 
able position of expecting his 
IT budget to swell by 25% to 
30% next year. That’s because 
the operator of 270 retirement 
facilities in the U.S. and Cana- 


da still has to automate many 


of its operations, he said. 

For example, daily updates 
on the arrivals and departures 
of the senior citizens that Hol- 
iday Retirement houses are 
now done manually and sent 
via overnight delivery to com- 
pany headquarters. Next year, 
the company hopes to use its 
J.D. Edwards & Co. ERP sys- 
tem to automate that process, 
with IBM’s Notes software as 
a front-end application. 

Rubin said some companies 


will continue to “spend money | n 
| that ClOs were using the economic lull to 


to save money,” such as invest- 
ing in server consolidation 
projects to bring down hard- 
ware purchasing, leasing and 


computing installations. 

The Symphony software 
will support multivendor 
computing installations and 
standards such as XML, the 
Open Grid Services Architec- 
ture, Java, the Simple Network 
Management Protocol and 
SOAP, said Jocelyn Attal, a 
vice president at IBM. The 
tools will be able to gather in- 


tions that a company is run- 


Sun Adds Remote Monitoring Service, With a Pricing Twist 


Sun has started offering its top 
customers a remote network 
monitoring service under which 
the vendor captures data about 
a company’s use of computing 
resources and recommends 
ways to optimize processing. 
Over the next two years, Sun 
hopes to sign up 70% of the 
corporate users it does business 
with directly to use the remote- 
monitoring capabilities, said 
Vivek Joshi, vice president of 


strategies at the company’s Sun 
Services unit. 

Pricing for the service, which 
is based on a Sun-developed 
monitoring technology called 
NetConnect, will be handled on 
a customer-by-customer basis, 
Joshi said. Companies with 
“well-managed” systems will get 
price discounts that won't be 
made available to users that 
don't do such a good job of 
managing their IT infrastruc- 


tures, he added. 

“It's the same notion as health 
insurance,” Joshi said. “If you 
take care of yourself well, you'll 
benefit financially and opera- 
tionally.” As part of the plan, he 
said, Sun will use a risk profile it 
has developed to evaluate IT op- 
erations at customer sites and 
then create a “wellness index” 
for determining how to price the 

-Thomas Hoffman 





maintenance costs. But many 


| IT departments that have been 


cost-focused in the past three 


| years are likely to pad their in- 
| vestments in CRM technology 


to help grow revenue as con- 


| sumer confidence begins to 
| pick up steam, he added. 


Even so, most companies 
likely will continue to take a 


| “piecemeal approach” to CRM 


rollouts and other complex 


| projects instead of laying out 
money on big-ticket installa- 

| tions, said Stephen Minton, an 
| analyst at Framingham, Mass.- 
| based IDC. D 


" MORE ONLINE 


F Most ClOs surveyed 
by Robert Half Technology don’t expect their 


| IT staffing levels to change in Q4 
| QuickLink 40966 


In July, we reported 


figure out what investments to make when 


| the economy picks up: 


QuickLink 39664 
www.computerworld.com 


ning “and develop a workload 


| model based on resource re- 
| quirements,” she added. 


In an initial project, IBM it- 


| self is using Intelligent Or- 


chestrator to help manage 
traffic spikes on the servers 


| that are supporting the Web 


site for the U.S. Open tennis 
tournament, which is being 
held in Flushing Meadow, 


| N-Y., through Sept. 7. IBM is 


managing IT operations at the 
tournament for the United 
States Tennis Association. 

Amy Wohl, an analyst at 
Wohl Associates in Narberth, 
Pa., said that IBM, HP and Sun 
are all well positioned in the 
emerging market for data cen- 
ter provisioning tools. 

“Customers want to go to an 
IBM, HP or Sun to help them 
deal with their messy hetero- 
geneous environments,” Wohl 
said. “They don’t want to buy 
this from 12 different niche 
vendors.” D 


Robert McMillan of the IDG 
News Service contributed to 
this story. 
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N THIS LABOR DAY 2003, what’s the state of IT work? 
According to the numbers, it’s not quite as bad as it 
could be — but it’s still pretty grim. A report out last 
week from Robert Half Technology says that only 4% 
of CIOs plan to cut IT staff by the end of the year (see 
story, QuickLink 40966). Then again, only 9% plan on adding IT 
staff. That’s not exactly a roaring IT job market. 
But dig a little deeper, and you'll find that the big story isn’t in the 
statistics. It’s in what companies want from IT people going forward: 
real business experience to go along with technology expertise. 


That’s what CIOs are telling U.S. colleges and 
universities they need from computer science 
graduates, according to a recent Computerworld 
survey [QuickLink 40537]. Those CIOs say they 
don’t want to hire fresh-faced geniuses who 
have mastered the latest tech but are clueless 
about real-world business needs. 

And CIOs are putting in more time and effort 
than ever before to help shape computer sci- 
ence curricula, so they'll have a better chance 
of getting future IT employees with the busi- 
ness and communications skills they need. 

That’s the state of IT work today: Purely 
technical work is out, and being a pure technol- 
ogist won’t cut it in corporate IT shops any- 
more. From here on in, the relentless focus for 
IT work is on the business. 

But that shouldn’t be a surprise. We’ve been 
talking about the importance of aligning IT 
with business needs for a long time. We’ve been 
offloading pure technology jobs for even longer 
— that’s why Microsoft, SAP and Oracle build 
our software, just as IBM, Sun, Dell and Cisco 
build our hardware. And increasingly, the rest 
of our pure technology work will be done by 
outsourcers. 

So what work is left for IT people 
to do? Plenty. 

Right now, users struggle with 
our systems. They struggle because 
we can’t keep up with them. Busi- 
ness conditions change. Business 
opportunities appear and vanish. 

Our users react in real time — 
changing the way they do business 
to meet those constantly shifting 
situations. 

But our systems don’t change to 
match those changes in our busi- 
ness processes. Forget about real 
time — we're lucky if we’re just 





months behind in tracing those changes. Some- 
times we're years behind. 

Result: Users have to work around those gaps 
where systems don’t match processes. And 
those work-arounds cost time and money — 
and sometimes lost business. 

And often enough we don’t even know 
there’s a problem. Far too many IT people fig- 
ure their job is done if a system meets the spec- 
ification or the service-level agreement — nev- 
er mind whether it matches the real business 
process. And too many IT people don’t have 
enough contact with users to find out what the 
real business processes look like anyway. 

How do we solve those problems and close 
those gaps? We need to understand our busi- 
nesses better. We need to communicate with 
users. And ironically, we need more and better 
technology skills — that’s the only way we can 
assemble systems that are flexible enough so 
we can continuously retool them to match con- 
stantly changing business processes. 

Yes, that’s right: The only way IT people can 
stay relentlessly focused on the business is by 
being even better when it comes to technology. 

Making all this happen won’t be simple. For 

lots of us, it won’t be comfortable. 
And even if we get it right, it will 
never be orderly or tidy. Business 
doesn’t work that way. We'll be 
carving order out of continuous 
change. We’ll be wrestling technol- 
ogy into place one day to support 
business processes that may 
change the next. 

But that really is what’s needed. 
So forget the statistics, and start 
bearing down on that business 
problem. Because when it comes to 
the state of IT work, we’ve got our 
work cut out for us. D 
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We can. That’s ra IBM has devoted a tremendous amount of resources to Linux. 
We have over 7000 IBMers working on Linux- related projects. Thousands of Linux 
customer engagements. And more Linux-enabled software than anyone. To learn 


nate] g- me leleley IBM, Linux and visit ibm.com/linux/seeit 
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Deliver tailored, 
mission-critical 
business intelligence. 


With decision authority distributed across business units, how 
can you quickly provide each one with precise and reliable 
intelligence? And ensure that all decisions are aligned with 
strategic goals? SAS" software brings you an integrated archi- 
tecture—complete with targeted interfaces — that allows different 
users to tailor information access, analysis and reporting to fit 
their skills and requirements. This centralized approach lets 
you share cleansed and relevant data from throughout your 
enterprise, while retaining control over data consistency and 
quality. Put 27 years of SAS technology leadership to work for 
you. Call toll free 1 866 270 5728. Or visit our Web site for a 


free white paper and interactive tour. 
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